CVE-2021-40444 : New Microsoft Office zero-day used in attacks to execute PowerShell

Microsoft Office zero day found by accident

Last Friday, security researcher nao_sec found a malicious Word document submitted to the Virus Total scanning platform from an IP address in Belarus.

"I was hunting files on VirusTotal that exploited CVE-2021-40444. Then I found a file that abuses the ms-msdt scheme," nao_sec told BleepingComputer in a conversation.

"It uses Word's external link to load the HTML and then uses the ‘ms-msdt’ scheme to execute PowerShell code,” the researcher added in a tweet, posting a screenshot of the obfuscated code below:

https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/ 

*Beware click the link!