Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.
The remote code execution (RCE) security flaw, tracked as CVE-2021-40444, was found in the MSHTML Internet Explorer browser rendering engine used by Microsoft Office documents.
According to Microsoft, CVE-2021-40444 impacts Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.
“Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately.”