A new zero-day vulnerability in the Trident MSHTML rendering engine for Windows is currently being exploited in targeted attacks, Microsoft has warned.
The company has received and confirmed reports that an attacker can write an ActiveX control, a now deprecated software framework that has been plagued by security issues, which can be deployed through malicious Microsoft Office documents.
Users would then be asked to open a Microsoft Office document that hosts the browser rendering engine to execute the malicious code.
Microsoft rates the vulnerability as 8.8 out of 10 on the Common Vulnerabilities Scoring System version 3.0, and said the attack complexity is low with proof-of-concept code being available.
The success of the attack depends on the privileges of the logged-in user being tricked into opening the malicious Office documents, with administrators being most at risk.
Microsoft's Protected View or Application Guard, which are used when opening Office documents from the internet, both prevent the attack.
Users who have auto-updated the Microsoft Defender Antivirus and Defender for Endpoints anti-malware software are also protected.
It is also possible to disable ActiveX controls on individual systems, to foil the attack.
At this stage, it is not known who is behind the attacks or what the malicious payload is.
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
