Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs

Trend Micro -

Zero-Day (CVE-2021-40444) Hits , Triggered Via Office Docs

Exploits &

Microsoft has disclosed the existence of a new zero-day that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger.

Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. It should be noted that by default, Office documents downloaded from the internet are opened either in Protected View or Application Guard, both of which would mitigate this particular .

If the attacker is able to convince the victim to download the file and bypass any mitigation, it would trigger the vulnerability and cause a malicious file to be downloaded and run on the affected machine. Currently, this vulnerability is used to deliver payloads.

Microsoft has

Read More: https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html