This week Microsoft reported that they are seeing this vulnerability being actively exploited in the wild. The attacker crafts a Microsoft Office document which contains a malicious ActiveX control, that once installed, grants the attacker the same rights as the user who opened the document. This can allow the attacker to run code, install and remove programs, and exfiltrate data, among other things. For more information on this vulnerability, see https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444.
It is best to follow these general guidelines when it comes to Microsoft Office files received, whether by email attachment or other means.
1. Be sure you were expecting the document before opening it. If you are unsure, contact the sender and inquire what the document is.
2. If you do open an attached document and are prompted to enable macros, do not do so. Doing so can allow malicious code within the document to run.
If you have any questions or concerns, or have received an email that you believe is suspicious, please contact us at firstname.lastname@example.org or email@example.com.