Microsoft is warning users that a new security vulnerability has been discovered in Internet Explorer that could leave them vulnerable to infected Office documents.
Microsoft ends support for Internet Explorer
The advisory was posted on the website of the Microsoft Security Response Center (MSRC), Microsoft's cybersecurity team that protects users from malicious actors and attacks.
The vulnerability has been dubbed CVE-2021-40444 and is described as a hole in MSHTML, the browser engine behind Internet Explorer. What threat actors do is create a Microsoft Office document that contains a malicious ActiveX control.
ActiveX controls are small pieces of software that allow websites to serve content within Internet Explorer. Once a user opens the infected document, the malicious ActiveX control implants malware onto the targeted computer.
