Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.