A new zero-day vulnerability that Microsoft has revealed is now being shared by threat actors on hacking platforms.
The vulnerability found in Windows MSHTML allows threat actors to create malicious documents to remotely execute commands on a victim’s computer.
Security researchers did not disclose details of the vulnerability for fear that other threat actors could misuse it after finding the malicious documents used in the attacks.
After the first disclosure of the attacks by Microsoft, hackers tried to reproduce the exploits, modify them for further functions, and find a new document preview vector.
Ultimately, the threat actors were able to reproduce the exploit on their own from data published online and have begun to create public information about the HTML component of the exploit.
Microsoft has responded with mitigation tools to block ActiveX controls in Internet Explorer, which is the default handler for the MSHTML protocol and document block preview in Windows Explorer.
Microsoft Defender and other security programs can also detect and block malicious documents and CAB files used in attacks.
For more information, read the original story in Bleeping Computer.