Microsoft reported a remote code execution vulnerability that is actively being exploited by attackers. A malicious party can craft a Microsoft Office document with an ActiveX control which, if installed, will give them access on your computer to run malicious code, exfiltrate data, or perform other actions. Examples of Microsoft Office document file extensions: .docx, .xlsx, .pptx.
For more information on this vulnerability, please see https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444.
To stay safe, follow these general tips:
- Do not open attachments if you do not know the sender or are not expecting the document.
- If you are prompted to enable Macros after opening a document, do not do so. This is a common method attackers use to run malicious code via a seemingly innocuous file.
- Beware of phishing emails. For more guidance, see more info about email phishing.