CISA has ordered federal agencies to mitigate the REC zero-day vulnerabilities affecting Windows and Office before the 8th of August. This gives you just three weeks to implement the mitigations. The vulnerabilities have been exploited in phishing attacks against NATO. The exploited remote code execution vulnerabilities have been collectively tracked as CVE-2023-36884. Microsoft has confirmed that these vulnerabilities have been exploited in cyberattacks against government entities in North America and Europe. The attackers used malicious Office documents impersonating the Ukrainian World Congress organization to target participants of the NATO Summit in Vilnius.
You can find an audit for the Registry key mitigation and more info in this Storm-0978 Attacks Mitigation Audit.
