Context / What happened?
A vulnerability (CVE-2021-26435) has been identified in the Windows Script Engine, a component found in all installations of Microsoft Windows. With this vulnerability, a cyber actor could use a maliciously crafted file to install malware. The file can potentially be in the form of a JScript or VBScript file, either on its own or embedded in a malicious Microsoft Office document. The malicious file would likely be used as part of a spearphishing campaign.
Mitigation / How to stay safe?
Microsoft has released security updates to address this vulnerability. Details on these security updates and a full list of affected products can be found in Microsoft’s security advisory. Customers should apply these security updates as soon as possible.
Support / Where can I get help?
The CCAA is monitoring the situation and is able to provide assistance and advice as needed. Organizations that have been affected or need assistance can contact the CCAA at 1300 CYBER1 (1300 292 371).