Tech »  Topic »  Microsoft Patches MSHTML Vulnerability

Microsoft Patches MSHTML Vulnerability


Flaws in Windows Scripting Engine and DNS Fixed Doug Olenick (DougOlenick) • September 14, 2021

Microsoft's September Patch Tuesday security update covers 61 vulnerabilities, with four rated critical.

See Also: 2021 Technology Spending Intentions Survey

This number is up from August when the company patched 44 vulnerabilities, but overall Microsoft has issued fewer patches in 2021 than in the previous year.

"So far in 2021, Microsoft patched less than 100 CVEs seven out of the last nine months, which is in stark contrast to 2020, which featured eight months of over 100 CVEs patched," says Satnam Narang, staff research engineer at Tenable.

MSHTML Vulnerability Patched

Microsoft patched CVE-2021-40444, a zero-day remote execution vulnerability that exists in MSHTML. Attackers have attempted to exploit this vulnerability by using specially crafted Microsoft Office documents, Microsoft said on Sept. 7.

"A malicious ActiveX control embedded in an Office document could be used to exploit ...


Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE