New 0-Day Attack Targeting Windows Users With Microsoft Office Documents


Microsoft on Tuesday warned of an actively exploited zeroday flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.

Tracked as CVE202140444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the nowdiscontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.

Read More…