Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft’s security update. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially crafted Microsoft Office documents. Malwarebytes, as shown lower in this article, blocks the related malicious PowerShell code execution.
MSHTML is a software component used to render web pages on Windows. Although it’s most commonly associated with Internet Explorer, it is also used in other software including versions of Skype, Microsoft Outlook, Visual Studio, and others.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This vulnerability has been assigned the designation CVE-2021-40444 and received a CVSS score of 8.8 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.