Microsoft has released the patch for actively exploited Zero-Day vulnerability using Microsoft Office documents and MSHTML. Microsoft has associated this vulnerability with CVE-2021-40444. This patch is released as part of Microsoft’s Patch Tuesday. All the users are requested to install these security updates immediately to avoid any impact associated with this vulnerability.
Microsoft updated in their official website that:
- Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates.
- The Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update.
- Customers who only apply Security Only updates need to also apply the IE Cumulative update to be protected from this vulnerability.
What is this Zero-day vulnerability in Internet Explorer?
The flaw is found in the MSHTML, the browser rendering engine that is utilized by the Microsoft Internet Explorer Web browser for reading and displaying HTML web pages from Word, Excel, and PowerPoint documents.
The attackers targeting the Microsoft Office users that are using Office 365 and Office 2019 on Windows 10 and many Windows Server versions.
Please read below article to know more about this vulnerability:
Active Zero-Day Attack on Microsoft Internet Explorer with Office 365
Found this article interesting? Follow DefenseLead on Twitter, Facebook and LinkedIn to read more exclusive content.