On September 7, 2021, Microsoft disclosed an active in-the-wild attack affecting Microsoft Windows.
"This vulnerability, CVE-2020-40444, is a remote code execution vulnerability in MSHTML. It does not currently have a patch, MSHTML is also referred to as Trident, is a legacy proprietary browser engine specific to Internet Explorer and Windows platforms. In-the-wild attacks on targets were observed to be using specially crafted malicious Microsoft Office documents. Like most such attacks, targets have to be compelled or lured to open the malicious document for it to run successfully.
This blog provides information on the vulnerability, how the attack works, and Fortinet product protections in place to address this vulnerability. Additional information can be found in the Threat Signal published by FortiGuard Labs on September 7..."
Read More ...