The newly discovered flaw, designated CVE-2021-40444, exists in MS HTML, aka Trident, which is the HTML engine that’s been built into Windows since Internet Explorer debuted more than 20 years ago. Microsoft credits multiple researchers for discovering the flaw on Sunday. Security experts say this flaw appears destined to pose a serious threat for the foreseeable future. The exploit uses logical flaws so the exploitation is perfectly reliable, says one threat analyst at Mandiant, “It’s going to be worse than the Equation of Equation””]
Source: https://www.cuinfosecurity.com/zero-day-attacks-exploit-mshtml-flaw-in-microsoft-windows-a-17482