Alert status HIGH Background /What has happened? Microsoft released multiple security updates to a range of products in its 12 October 2021 patch release. The ACSC recommends that all vulnerabilities identified in the release should be mitigated as outlined in the ACSC’s Assessing Security Vulnerabilities and Applying Patches. The vulnerabilities identified affect a wide range of Microsoft Office versions and other applications which handle Microsoft Office files. The ACSC wishes to draw particular attention to the following vulnerabilities for priority consideration: • CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability. • CVE-2021-40486: Microsoft Word Remote Code Execution Vulnerability. • CVE-2021-40487 and CVE-2021-41344: Microsoft SharePoint Server Remote Code Execution Vulnerabilities. Mitigation / How do I stay secure? Australian organisations and users of utilise Microsoft products should review Microsoft’s security update guide and identify and apply relevant security updates for their environment. Australian organisations and users who utilise Microsoft Exchange Server, Microsoft Office Word or Microsoft SharePoint should review the vulnerabilities listed above as a priority and apply the available patch from Microsoft. Assistance / Where can I go for help? The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).