Update 9 Aug 2023: Microsoft have released a patch to fix this vulnerability. You can find more information on this here.
We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting Windows and Microsoft Office products. For an attacker to exploit this vulnerability, the victim would need to open a specially crafted Microsoft Office document, most likely sent via email.
While there is no patch currently released to resolve this vulnerability, schools using Microsoft Defender for Office 365 are protected from the exploit.
If you do not have Microsoft Defender for Office 365, we recommend that you review the mitigations section of Microsoft Vendor Advisory.
As always, be wary of opening any attachments in emails from unknown or unexpected sources.