Background / What has happened?
A vulnerability (CVE-2021-40444) has been identified in MSHTML, a component present in all installations of Microsoft Windows. A cyber actor could use a malicious ActiveX control in a Microsoft Office document to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.
Microsoft has identified that this vulnerability is currently being exploited.
Further information on this vulnerability and specific affected Microsoft Windows versions is available in Microsoft’s security advisory.
Mitigation / How do I stay secure?
At this current time there is no patch available from Microsoft. However, Microsoft has identified some temporary mitigations in its security advisory which customers could implement to prevent exploitation. The ACSC recommends that customers review these workarounds and implement them if possible.
Customers should also monitor Microsoft’s security advisory for the release of a patch to address this vulnerability.