MSHTML is a browser rendering engine that is also used by Microsoft Office documents, and the attacks are said to utilize specially-crafted documents that targeted users would have to click.
UPDATE as of September 14, 2021: Microsoft has updated their advisory to include the patch information released as of 9/14.
Trend Micro also has a blog with more information on this threat.
Protection Against Exploitation
First and foremost, it is always highly recommended that users apply the vendor's patches when they become available.
In addition to the vendor patch(es) that should be applied, Trend Micro has released some supplementary detection and protection that may help protect against and detect known malicious components associated with these attacks on systems that have not already been compromised, or against further attempted attacks.
Using Trend Micro Products for Investigation
Trend Micro Vision One™
Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Apex One. In addition, depending on their data collection time range, Trend Micro Vision One customers may be able to sweep for IOCs retrospectively to identify if there was potential activity in this range to help in investigation.
Threat Intelligence Sweeping
Indicators for exploits against this vulnerability are now included in the Threat Intelligence Sweeping function of Trend Micro Vision One. Customers who have this enabled will now have the presence of the IOCs related to these threats added to their daily telemetry scans.
Preventative Rules, Filters & Detection
Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Deep Security w/Anti-malware, etc.)
Malicious file samples associated with known exploits of this vulnerability are detected as:
| IoC Type | SHA1 | VSAPI Detection | Predictive Learning | Pattern Number (VSAPI) |
In addition, the following associated URLs are being blocked via Web Reputation Services (WRS):
Trend Micro is closely monitoring and conducting additional research on these attacks and will update this article with additional information and protections as they become available.