CVE-2021-40444: New Microsoft Office zero-day used in attacks to execute PowerShell
Microsoft Office zero-day found by accident
Last Friday, security researcher nao_sec found a malicious Word document submitted to the VirusTotal scanning platform from an IP address in Belarus.
"I was hunting files on VirusTotal that exploited CVE-2021-40444. Then I found a file that abuses the ms-msdt scheme," nao_sec told BleepingComputer in a conversation.
"It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code," the researcher added in a tweet, posting a screenshot of the obfuscated code below:
*Beware of clicking the link!