First published: 08 Sep 2021
Last updated: 14 Sep 2021

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Background /What has happened?

A vulnerability (CVE-2021-40444) has been identified in MSHTML, a component present in all installations of Microsoft Windows. A cyber actor could use a malicious ActiveX control in a Microsoft Office document to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.

Microsoft has identified that this vulnerability is currently being exploited.

Further information on this vulnerability and specific affected Microsoft Windows versions is available in Microsoft’s security advisory.

Mitigation / How do I stay secure?

Microsoft has released security updates to address this vulnerability, details of these updates are available from Microsoft’s security advisory. Customers should apply these security updates as soon as possible.

Assistance / Where can I go for help?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?