A true zero-day vulnerability from Microsoft (and what to do about it)

Zero-day vulnerabilities are system flaws that are disclosed (by the software vendor) or found (by security researchers) but have not been patched yet. In this case, the problem lies in the MSHTML component within Windows, which is what Internet Explorer uses to display web pages and what Office uses to preview and display certain types of documents.

 

The best protection against this vulnerability is you. Until Microsoft releases a patch, we are in a high-risk environment for malicious documents sent via email. Please review our phishing guide, and remember that you should never open an attachment unless it’s from someone you know and trust AND it is a file you were expecting to receive. Otherwise, assume that unsolicited documents are dangerous and please do not open them.

 

You may submit suspicious email to [email protected]. Thank you, and stay safe online and off!

More Information
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444