News

[ACT NOW] CRITICAL ALERT: Critical vulnerability present in certain versions of Microsoft Excel

Background /What has happened?

A vulnerability (CVE-2021-42292) has been identified in locally installed versions of Microsoft Excel which allows a cyber actor to bypass a key security control. A cyber actor could use a malicious Microsoft Excel spreadsheet to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.

There is no indication that the Microsoft hosted Office365 Excel product is affected.

Microsoft has identified that this vulnerability is currently being exploited.

Mitigation / How do I stay secure?

Australian organisations and individuals who utilise Microsoft Excel Sitecore XP should consult the Microsoft security advisory for a list of affected Excel versions. Australian organisations and individuals should ensure that the available security update is applied as soon as possible.

<< Go back to the previous page