Attackers can use a malicious Microsoft Excel spreadsheet to exploit this vulnerability. This malicious document would then likely be used as part of a spear phishing campaign.

All supported versions of Microsoft Excel on Microsoft Office 2013 Service Pack (SP) 1 (64-bit editions), Microsoft Office 2013 SP 1 (32-bit editions), Microsoft Office 2013 RT SP1, Microsoft Office 2016 (64-bit edition), Microsoft Office 2016 (32-bit editions), Microsoft Office LTSC 2021 for 64-bit editions, Microsoft Office LTSC 2021 for 32-bit editions, Microsoft Office 365 Apps for Enterprise for 64-bit systems, Microsoft Office 365 Apps for Enterprise for 32-bit systems, Microsoft Office 2019 for Mac, Microsoft Office 2019 for 64-bit editions and Microsoft Office 2019 for 32-bit editions

1. Check your version of Microsoft Office
2. Apply Security Update for the above Microsoft Office versions as soon as possible.

Security Update guide can be viewed on Microsoft website https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42292
If you need assistance, contact CERT Vanuatu on 33380 or email on This email address is being protected from spambots. You need JavaScript enabled to view it.