Advisory 18

TLP Rating: Clear

Critical vulnerabilities identified in Microsoft Office (Excel _CVE-2021-42292).

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory by its international partners.

CERTVU office would like to advise it’s constituents on critical vulnerabilities identified in locally installed versions of Microsoft Excel which allows a cyber-actor to bypass a key security control.

 

What this means

Attackers can use a malicious Microsoft Excel spreadsheet to exploit this vulnerability. This malicious document would then likely be used as part of a spear phishing campaign.

 

References

  1. https://www.cyber.gov.au/acsc/view-all-content/alerts/critical-vulnerability-present-certain-versions-microsoft-excel
  2. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42292