)
The Australian Cyber Security Centre (ACSC) has warned of a high-risk vulnerability in a component present in all copies of Microsoft Windows that could be exploited by malicious cyber actors.
The vulnerability, named CVE-2021-40444, means a cyber actor could craft a malicious document and convince a Microsoft Windows user to open it as part of a spearphishing campaign.
Microsoft is already aware of targeted attacks that attempt to exploit this vulnerability, but it currently has no patch available.
However, Microsoft has identified some temporary mitigations which customers could implement to prevent exploitation. The ACSC recommends customers review these workarounds and implement them if possible.
Customers should also monitor Microsoft’s security advisory for the release of a patch to address this vulnerability.
)
