Background /What has happened?
Microsoft released multiple security updates to a range of products in its 12 October 2021 patch release. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends that all vulnerabilities identified in the release should be mitigated as outlined in the ASD’s ACSC’s Assessing Security Vulnerabilities and Applying Patches. The vulnerabilities identified affect a wide range of Microsoft Office versions and other applications which handle Microsoft Office files. The ASD’s ACSC wishes to draw particular attention to the following vulnerabilities for priority consideration:
• CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability.
• CVE-2021-40486: Microsoft Word Remote Code Execution Vulnerability.
• CVE-2021-40487 and CVE-2021-41344: Microsoft SharePoint Server Remote Code Execution Vulnerabilities.
Mitigation / How do I stay secure?
Australian organisations and users of utilise Microsoft products should review Microsoft’s security update guide and identify and apply relevant security updates for their environment. Australian organisations and users who utilise Microsoft Exchange Server, Microsoft Office Word or Microsoft SharePoint should review the vulnerabilities listed above as a priority and apply the available patch from Microsoft.
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).