From bleepingcomputer.com
Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.
The remote code execution (RCE) security flaw, tracked as CVE-2021-40444, was found in the MSHTML Internet Explorer browser rendering engine used by Microsoft Office documents.
According to Microsoft, CVE-2021-40444 impacts Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.
“Microsoft has released security updates to address this vulnerability,” the company said today in an advisory update published as part of this month’s Patch Tuesday.
“Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately.”