Australian Cyber Security Centre
Background /What has happened?
A vulnerability (CVE-2021-40444) has been identified in MSHTML, a component present in all installations of Microsoft Windows. A cyber actor could use a malicious ActiveX control in a Microsoft Office document to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.
Microsoft has identified that this vulnerability is currently being exploited.
/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
