Windows MSHTML Zero-day Exploits Shared on Hacking Forums

September 13, 2021

A new zero-day vulnerability that Microsoft has revealed is now being shared by threat actors on hacking platforms.

The vulnerability found in Windows MSHTML allows threat actors to create malicious documents to remotely execute commands on a victim’s computer.

Security researchers did not disclose details of the vulnerability for fear that other threat actors could misuse it after finding the malicious documents used in the attacks.

After the first disclosure of the attacks by Microsoft, hackers tried to reproduce the exploits, modify them for further functions, and find a new document preview vector.

Ultimately, the threat actors were able to reproduce the exploit on their own from data published online and have begun to create public information about the HTML component of the exploit.

Microsoft has responded with mitigation tools to block ActiveX controls in Internet Explorer, which is the default handler for the MSHTML protocol and document block preview in Windows Explorer.

Microsoft Defender and other security programs can also detect and block malicious documents and CAB files used in attacks.

For more information, read the original story in Bleeping Computer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn