Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
Source: Threadpost
Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
- Advertisement -
APLICATIONS
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
Source: Threadpost
