MSHTML zero-day exploited via malicious Office documents — no macros required, just opening the document triggers exploitation. Apply September 2021 patches. Block ActiveX in Office via Group Policy as compensating control.
Microsoft MSHTML Remote Code Execution Vulnerability allows attackers to craft malicious ActiveX controls used by Microsoft Office documents without triggering security warnings.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →