Background /What has happened?
A vulnerability (CVE-2021-42292) has been identified in locally installed versions of Microsoft Excel which allows a cyber actor to bypass a key security control. A cyber actor could use a malicious Microsoft Excel spreadsheet to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.
There is no indication that the Microsoft hosted Office365 Excel product is affected.
Microsoft has identified that this vulnerability is currently being exploited.
Mitigation / How do I stay secure?
Australian organisations and individuals who utilise Microsoft Excel Sitecore XP should consult the Microsoft security advisory for a list of affected Excel versions. Australian organisations and individuals should ensure that the available security update is applied as soon as possible.