You wouldn’t download a weaponized jpeg

Security teams are advised to block or closely monitor execution of commonly abused Windows binaries including csc.exe, cvtres.exe, and ComputerDefaults.exe. Organizations should enforce strict controls over remote access platforms, deploy detection rules for suspicious PowerShell behavior, and isolate any system showing unexpected ScreenConnect activity. Credential resets for all privileged accounts are strongly recommended following any suspected exposure.

So all windows users without a “security team” are vulnerable to this extremely simple & powerful attack for the foreseeable future???