On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions. Of these, the most crucial to address is CVE-2021-40444, the remote code execution MSHTML vulnerability actively exploited by attackers via malicious MS Office documents. “After this bug was discovered and became public knowledge on September 7, security researchers and analysts began swapping proof-of-concept examples of how an attacker might leverage the exploit,” noted SophosLabs Principal Researcher Andrew … More
The post Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444) appeared first on Help Net Security.
Source: help net security.com