Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows.
CISA released its own message urging “users and organizations to review Microsoft’s mitigations and workarounds to address CVE-2021-40444, a remote code execution vulnerability in Microsoft Windows.”
Microsoft said the vulnerability was first discovered by Rick Cole of the Microsoft Security Response Center, Haifei Li of EXPMON as well as Dhanesh Kizhakkinan, Bryce Abdo and Genwei Jiang of Mandiant.