ARS Technica has an overview over here. The article also covers a zero-day vulnerability in Adobe's Reader software.
"The quality of this vulnerability [is] high and the exploit is sophisticated," the researchers wrote. "The use of this in-the-wild zero-day reflects the organization’s strong vulnerability reserve capability. The threat organization may have recruited members with certain strength, or buying it from vulnerability brokers."As always, users are recommended to install these updates as soon as possible.
The simultaneous patching of CVE-2021-21017 and CVE-2021-1732, their nexus to Windows, and the ability for CVE-2021-1732 to defeat an important Reader defense raise the distinct possibility that in-the-wild attacks are combining exploits for the two vulnerabilities. Neither Microsoft nor Adobe has provided details that confirm this speculation, however.