Metacurity

Share this post

Microsoft Warns of New Zero-Day Exploited in Real-World Attacks

metacurity.substack.com

Microsoft Warns of New Zero-Day Exploited in Real-World Attacks

German government reportedly bought NSO Pegasus spyware, Howard University cancels classes due to ransomware attack, REvil gang's servers come alive again, NZ orgs hit with DDoS attacks again, more

Cynthia Brumfield
Sep 8, 2021
∙ Paid
1
Share
Share this post

Microsoft Warns of New Zero-Day Exploited in Real-World Attacks

metacurity.substack.com

Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day (CVE-2021-40444) abused in real-world attacks that impacts Microsoft MHTML, also known as Trident, the Internet Explorer browser engine.

Although previously used in the defunct Internet Explorer browsers, MHTML is also used in Office applications to render web-hosted content inside Word, Excel, or PowerPoint documents. Details about the attacks discovered by Mandiant and EXPMON are not available. Microsoft plans to issue a patch next week; companies can disable ActiveX rendering to prevent CVE-2021-140444 exploitation. (Catalin Cimpanu / The Record)

Related: Security Week, Bleeping Computer, IT News, gHacks, Infosecurity Magazine, GBHackers On Security, The Hacker News, The Register - Security, Help Net Security, Microsoft

Highlighting the possibility that Western democracies, and not just despotic regimes, might be surveilling citizens with Pegasus spyware from notorious vendor NSO…

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing