Microsoft working to fix Office document vulnerability on Windows 10
The Cybersecurity and Infrastructure Security Agency encourages people and organizations to review a recent security advisory from Microsoft.
What you need to know
- Microsoft is looking into a vulnerability that lets attackers target people's PCs by using Office documents.
- Mitigations and workarounds for the vulnerability are outlined by Microsoft.
- The Cybersecurity and Infrastructure Security Agency tweeted a statement encouraging people to look at Microsoft's advisory for the vulnerability.
Microsoft is looking into a report of a remote code execution vulnerability in MSHTML that affects Windows. The company explains in a security report that it is aware of targeted attacks that attempt to exploit the vulnerability by using Microsoft Office documents. Both Microsoft Defender Antivirus and Microsoft Defender for Endpoint provide detection and protection for the vulnerability.
Microsoft explains that an attacker could use malicious ActiveX control that's hidden within an Office document. Threat actors craft these documents in a way that could trick people into enabling the ActiveX control. Microsoft does not specifically mention the recent "Windows 11 Alpha" malware attacks, but the methods used in that attack appear similar to what Microsoft describes in its report.
The attacks mentioned by Microsoft also appear to be connected to the upcoming change in how Office handles Trusted Documents. The Microsoft 365 roadmap outlines that Office 365 will soon follow IT administrator policies that block Active Content in Trusted Documents.
Microsoft outlines mitigations and workarounds for the issue that admins can utilize now. The company explains that "by default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack."
People can also disable the installation of ActiveX controls in Internet Explorer to mitigate the attack. It's important to note that editing the registry comes with risks if done incorrectly.
The Cybersecurity and Infrastructure Security Agency encourages people to look through Microsoft's mitigations and workarounds.
.@CISAgov encourages users and organizations to review Microsoft's mitigations and workarounds to address CVE-2021-40444, a remote code execution vulnerability in Microsoft Windows: https://t.co/PY3WTgvzRa https://t.co/zUvbfTjRTd.@CISAgov encourages users and organizations to review Microsoft's mitigations and workarounds to address CVE-2021-40444, a remote code execution vulnerability in Microsoft Windows: https://t.co/PY3WTgvzRa https://t.co/zUvbfTjRTd— US-CERT (@USCERT_gov) September 7, 2021September 7, 2021
After Microsoft completes its investigation, it may roll out updates for the issue through normal Patch Tuesday updates or out-of-cycle security updates.
All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.
He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.
Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.
