Skip to main content

Remote code execution vulnerability present in the Windows Scripting Engine of Microsoft Windows

A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian customers should apply the security update provided by Microsoft.

Alert status
HIGH

Background /What has happened?

A vulnerability (CVE-2021-26435) has been identified in the Windows Scripting Engine, a component present in all installations of Microsoft Windows. Through this vulnerability a cyber actor could use a maliciously crafted file to install malware. The file could potentially be in the form of a JScript or VBScript file either by itself or incorporated into a malicious Microsoft Office document. The malicious file would likely be used as part of a spearphishing campaign.

Mitigation / How do I stay secure?

Microsoft has released  security updates to address this vulnerability. Details on these security updates and a full list of affected products are available from Microsoft’s security advisory. Customers should apply these security updates as soon as possible.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).