Connect with us

News Tech

Microsoft Office Affected by 'Follina' Zero-Day Vulnerability: Researchers

News Sports

A huge Fire breaks out in Tyreek Hill house, Florida on 3 January 2024

News Tech

Official Xiaomi NoteBook Pro 120G display, CPU, and GPU specifications released

News Tech

OPPO introduces its latest AI technology to create Animated Digital Avatars

News Tech

Xiaomi is reportedly planning to introduce a new sub-brand

News Tech

Motorola Edge 30 Fusion spotted on Geekbench, here Specification

News Tech

The upcoming Vivo X80 Lite could be rebranded version of the Vivo S15 Pro

News Tech

Infinix Note 12 Pro 4G launching on August 26 in India

News Tech

These Motorola Devices Will Initially Receive Android 13

News Tech

OPPO Band 2 Launching Globally Soon

News

Microsoft Office Affected by ‘Follina’ Zero-Day Vulnerability: Researchers

Published

2 years ago

on

Microsoft Office Affected by 'Follina' Zero-Day Vulnerability: Researchers

A zero-day vulnerability in Microsoft Office has been discovered, allowing attackers to execute malware using a specially constructed Word file.

The security flaw, known as Follina, may affect users when they open a malicious Word document on their computer.

It allows attackers to use the Microsoft Diagnostic Tool to run PowerShell operations (MSDT). Experts say the Follina zero-day vulnerability affects Office 2013 and subsequent editions. Microsoft has yet to provide a remedy.

Last week, the Follina vulnerability affecting Microsoft Office was officially publicized on Twitter by Nao sec’s Tokyo-based cybersecurity research firm.

According to the researchers’ explanation, the flaw allows Microsoft Word to run malicious code through MSDT even when macros are disabled.

Macros are a set of commands and instructions that users may use to automate an operation in Microsoft Office.

On the other hand, the new vulnerability has allowed attackers to do comparable automation without the use of macros.

“The document utilizes the Word remote template functionality to obtain an HTML file from a remote Web server, which then uses the ms-msdt MSProtocol URI scheme to load some code and run some PowerShell,” says researcher Kevin Beaumont, who looked into the Nao sec problem. “That shouldn’t be feasible,” says the narrator.

Because the detected sample on the file refers to 0438, which is the area code of Follina, Italy, Beaumont has called the vulnerability “Follina.”

Some attackers are thought to have exploited the vulnerability in the wild.

According to Beaumont, a file exploiting the flaw was sent to a Russian user over a month ago.

Due to the problem, Microsoft Office versions such as Office 2013 and Office 2021 have been susceptible to assaults. According to the researchers, specific versions of Office supplied with a Microsoft 365 license might be targeted by attackers on both Windows 10 and Windows 11.

According to a security researcher on Twitter, Microsoft was notified about the vulnerability in April but did not consider it a security risk.

Microsoft, on the other hand, finally recognized the vulnerability on Monday. CVE-2022-30190 is the number assigned to it.

The Redmond business also offered various remedies in a post on the Microsoft Security Response Center blog, including the ability to deactivate the MSDT URL protocol and switch on the turn-on cloud-delivered protection and automated sample submission options on Microsoft Defender.

However, Microsoft has not yet specified a precise date for when the update will be available to Office customers.

Meanwhile, if you have a Windows PC with an impacted Office version, you may keep secure by avoiding opening any suspicious Microsoft Word documents.

Related Topics:
Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply