ACSC issues new alert for Microsoft scripting engine vulnerability

The Commonwealth government’s cyber security watchdog has issued a new high status alert for vulnerabilities within the Microsoft Windows scripting engine.

According to the Australian Cyber Security Centre, a vulnerability has been discovered in Microsoft’s Windows scripting engine, potentially allowing threat actors to gain remote access of devices.

The vulnerability was raised by Microsoft earlier in the week, providing security updates via the company’s security advisory page.

The current vulnerability is present in all Microsoft Windows installations, which allows a threat actor to run an arbitrary code to potentially gain access of user's devices. The ACSC outlined that the code is typically a Jscript or VBScript file, and can be spread via corrupted Microsoft Office documents.

============

The cyber security watchdog suggests that the penetrations would typically be achieved through spearphishing attacks.

Hacker News reported that the patch release was part of 66 vulnerabilities patched by the company, of which three were rated as critical.

The ACSC recommended that users patch the vulnerabilities via the Microsoft security advisory as quickly as possible.

“Microsoft has released security updates to address this vulnerability. Details on these security updates and a full list of affected products are available from Microsoft’s security advisory. Customers should apply these security updates as soon as possible,” the ACSC reported.