Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100-percent reliable making it very dangerous. Once a user opens…
Why it matters: Microsoft has received reports of a remote code execution (RCE) vulnerability (CVE-2021-40444) hackers are actively exploiting. The attack uses maliciously crafted Microsoft Office files that open an ActiveX control using the MSHTML browser rendering engine. Vulnerable systems include Windows Server 2008 through 2019 and Windows 7 through 10. Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100-percent reliable making it very dangerous.
