In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.
Thank you for sharing. A good news is most Anti-Malware products including Microsoft Defender are able to detect and block this exploit. So if someone send a malicious file, it will be blocked by Microsoft Defender. However everyone have to make sure deploy updates as soon as possible.