A malspam campaign is exploiting an MSHTML remote code execution vulnerability in the wild. Threat actors are dropping Cobalt Strike payloads to infiltrate systems and gain unauthorized access, which can lead to information theft. The vulnerability was also exploited previously using specially crafted Microsoft Office documents.
A flaw in the MSHTML platform in Microsoft Windows could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Users are advised to use Microsoft Automatic Update to apply the appropriate patch for their system, or the Microsoft Security Update Guide to search for available patches.