APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
Briefly

"Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. It was fixed by the Windows maker as part of its February 2026 Patch Tuesday update. However, the tech giant also noted that the vulnerability had been exploited as a zero-day in real-world attacks, crediting the Microsoft Threat Intelligence Center and other security teams for reporting it."
"In a hypothetical attack scenario, a threat actor could weaponize the vulnerability by persuading a victim to open a malicious HTML file or shortcut (LNK) file delivered through a link or as an email attachment. Once the crafted file is opened, it manipulates browser and Windows Shell handling, causing the content to be executed by the operating system, allowing the attacker to bypass security features and potentially achieve code execution."
"Akamai said it identified a malicious artifact that was uploaded to VirusTotal on January 30, 2026, and is associated with infrastructure linked to APT28. The sample was flagged by the Computer Emergency Response Team of Ukraine in connection with APT28's attacks exploiting another security flaw in Microsoft Office."
Microsoft addressed CVE-2026-21513, a critical security feature bypass in the MSHTML Framework with a CVSS score of 8.8, through its February 2026 Patch Tuesday update. The vulnerability allows unauthorized attackers to bypass security mechanisms over a network. Evidence indicates APT28, a Russia-linked state-sponsored threat actor, exploited this flaw as a zero-day in real-world attacks. Attackers weaponize the vulnerability by tricking victims into opening malicious HTML or LNK files via email or links. When opened, these files manipulate browser and Windows Shell handling, enabling code execution and security feature bypass. Akamai identified malicious artifacts associated with APT28 infrastructure uploaded to VirusTotal on January 30, 2026, connected to concurrent attacks exploiting another Microsoft Office vulnerability.
Read at The Hacker News