We’ve been made aware of a critical vulnerability which would allow an attacker to gain control of a PC via a user visiting a compromised site in Internet Explorer.
The compromised site would install an ActiveX control which, in conjunction with a malicious Office document, could gain control of an affected system.
No, currently there is no official update to resolve this vulnerability.
How can I mitigate this?
The following mitigation techniques can be used:
1) Check with your antivirus vendor that they provide detections against this attack. Microsoft Defender and Defender for Endpoint, for example, provide coverage past build 1.349.22.0.
2) Open documents from the internet in Protected View or Application Guard for Office.
You can also deploy registry key changes to prevent installation of ActiveX controls across all zones in Internet Explorer.
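One way to audit and apply that registry change from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes the machine-wide Internet Explorer zone policy hive under HKLM and the URL action IDs 1001 and 1004 (download signed and unsigned ActiveX controls), with the value 3 meaning "Disable"; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: block ActiveX control installation in every IE security zone.
# Assumption: policy is set machine-wide under HKLM; zones 0-4 are
# Local Machine, Intranet, Trusted, Internet and Restricted sites.
$ZoneRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = 0..4
$Disable  = 3   # URL policy value: 0 = Enable, 1 = Prompt, 3 = Disable
$Actions  = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}

# Report the current state so the change can be reviewed before and after.
function Get-ActiveXInstallPolicy {
    foreach ($zone in $Zones) {
        $path = Join-Path $ZoneRoot $zone
        foreach ($id in $Actions.Keys) {
            $value = (Get-ItemProperty -Path $path -Name $id -ErrorAction SilentlyContinue).$id
            [pscustomobject]@{
                Zone    = $zone
                Action  = "$id ($($Actions[$id]))"
                Value   = $value              # empty when no policy is set
                Blocked = ($value -eq $Disable)
            }
        }
    }
}

# Write the policy values; supports -WhatIf for a dry run.
function Set-ActiveXInstallPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($zone in $Zones) {
        $path = Join-Path $ZoneRoot $zone
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($id in $Actions.Keys) {
            if ($PSCmdlet.ShouldProcess("$path\$id", "Set DWORD to $Disable")) {
                New-ItemProperty -Path $path -Name $id -Value $Disable `
                    -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

Get-ActiveXInstallPolicy | Format-Table -AutoSize   # before
Set-ActiveXInstallPolicy -WhatIf                    # dry run; drop -WhatIf to apply
```

This only stops new controls from being installed; ActiveX controls that are already present on the machine keep running.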
Source: CVE-2021-40444 – Security Update Guide – Microsoft – Microsoft MSHTML Remote Code Execution Vulnerability