News by Xiaomi Miui Hellas

Microsoft Office: Researchers Reveal Zero-Day "Follina" Vulnerability


Researchers have publicly revealed a zero-day vulnerability in Microsoft Office that can be exploited using malicious Word documents, resulting in malicious code being executed on the victim's system.


The vulnerability was first discovered by the user @nao_sec on Twitter on May 27th and, as mentioned in a post he made on Twitter:

"The document uses the remote Word template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProtocol URI scheme to load code and execute PowerShell. This should not be possible."

Beaumont states that attackers can take advantage of this vulnerability, which he has named "Follina", even if Office macros are off. Office 2013, 2016, 2019, 2021 and some versions of Office offered through Microsoft 365 are vulnerable on both Windows 10 and Windows 11.

The Chief Executive Officer of Huntress Labs, Kyle Hanslovan, showed how a Rich Text file can be used to exploit this vulnerability in the preview pane of File Explorer on Windows 11.

All of this means that this vulnerability allows code to be executed with a single click (or simply by previewing the malicious document) using support tools (ms-msdt) and system administration tools (PowerShell) that are pre-installed on Windows.

@crazyman_army reported on Twitter that this vulnerability was made known to Microsoft on April 12, but on April 21 the company allegedly decided that it did not raise a security issue.

Beaumont says that "Microsoft may have attempted to fix or mistakenly fixed this in Office 365 Insider without documenting or citing a CVE", sometime in May.

Huntress Labs says that it expects "attempts at exploitation via email" and notes that users "should be especially careful about opening attachments", while Microsoft, antivirus companies and the rest of the security community respond to this threat.

Microsoft did not immediately respond to PCMag's request for comment on the subject.


Mi Team