New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.
“The attachments represent an escalation of the attacker’s abuse of the CVE-2021-40444 bug and demonstrate that even a patch can’t always

Source:: The Hackers News