Windows MSHTML Zero-day Exploits Shared on Hacking Forums

Share post:

A new zero-day vulnerability that Microsoft has revealed is now being shared by threat actors on hacking platforms.

The vulnerability found in Windows MSHTML allows threat actors to create malicious documents to remotely execute commands on a victim’s computer.

Security researchers did not disclose details of the vulnerability for fear that other threat actors could misuse it after finding the malicious documents used in the attacks.

After the first disclosure of the attacks by Microsoft, hackers tried to reproduce the exploits, modify them for further functions, and find a new document preview vector.

Ultimately, the threat actors were able to reproduce the exploit on their own from data published online and have begun to create public information about the HTML component of the exploit.

Microsoft has responded with mitigation tools to block ActiveX controls in Internet Explorer, which is the default handler for the MSHTML protocol and document block preview in Windows Explorer.

Microsoft Defender and other security programs can also detect and block malicious documents and CAB files used in attacks.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs


Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways