Microsoft Zero-Day-of-the-Month Club









September 10, 2021








Written by Lior Div




When it comes to zero-day attacks against Microsoft products, I often feel like Bill Murray’s character in the movie Groundhog Day. It seems like I keep waking up to the same scenario over and over and over, with attackers repeatedly exploiting zero-day vulnerabilities against Microsoft products.

It has been a very busy year when it comes to Microsoft zero-day attacks. According to Brian Krebs, May is the only month in 2021 that Microsoft didn’t release a patch to defend against at least one zero-day exploit. In July it was the PrintNightmare vulnerability. There were 6 different zero-day vulnerabilities patched in June. In March, Microsoft pushed out patches for 4 zero-day flaws in the Microsoft Exchange Server that were exploited in the HAFNIUM attacks. These same flaws were also discovered being used in our latest research discovery that uncovered Chinese espionage, the DeadRinger Report.
It happened yet again this week: Microsoft issued a security advisory for another zero-day currently being exploited in active attacks in the wild. The flaw is in the MSHTML component of Internet Explorer—a web browser Microsoft no longer supports, but it is still used for rendering web-based content in Microsoft Office applications.
You can read fresh analysis of the MSHTML issue here from the Cyb ..
