Microsoft Office has been found to contain a zero-day vulnerability that lets attackers execute code using a specially crafted Word file. The issue, called Follina, can affect users the moment they open a malicious Word document on their system. It allows attackers to execute PowerShell commands through the Microsoft Diagnostic Tool (MSDT). According to researchers, Office 2013 and later versions are affected by the Follina zero-day vulnerability. Microsoft has not yet released a fix.
Tokyo-based cybersecurity research team Nao_sec publicly revealed the Follina vulnerability affecting Microsoft Office on Twitter last week. According to the researchers' explanation, the problem allows Microsoft Word to execute malicious code via MSDT even if macros are disabled.
Microsoft provides macros as sets of commands and instructions that users can use to automate a specific task. However, the new vulnerability allows attackers to achieve the same kind of automation without using macros.
“The document uses the Word remote template feature to retrieve the HTML file from the remote web server, which uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell,” explains Kevin Beaumont, a researcher who examined the problem raised by Nao_sec. “That should not be possible.”
Beaumont named the vulnerability “Follina” because the spotted sample file references 0438, the area code for Follina, Italy.
This vulnerability is believed to have been exploited by some attackers in the wild.
Beaumont said a file exploiting the flaw was aimed at a user in Russia a month ago.
Microsoft Office versions, including Office 2013 and Office 2021, have been found to be vulnerable. Some versions of Office included with a Microsoft 365 license may be targeted by attackers on both Windows 10 and Windows 11, the researchers point out.
Microsoft was initially notified of the vulnerability in April, but at the time the company did not consider it a security issue, a security researcher reports on Twitter.
Microsoft, however, finally acknowledged the presence of the vulnerability on Monday. It is tracked as CVE-2022-30190.
In a post released on the Microsoft Security Response Center blog, Redmond also shared some workarounds, such as disabling the MSDT URL protocol and turning on the cloud-delivered protection and automatic sample submission options in Microsoft Defender.
However, Microsoft has not yet provided an exact timeline for when a fix will arrive for Office users.
For now, users who have an affected version of Office on their Windows machine may stay safe by not opening unknown Microsoft Word documents.
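A suspicious .docx can be triaged without opening it in Word by listing the external references it carries, which is where the remote template fetch described above would show up. The Python below is an added example, not code from Microsoft or the researchers; the sample files, helper names and the example.invalid URL are constructed for illustration, and it flags any external, non-hyperlink relationship rather than a Follina-specific signature.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MSDT_URI = re.compile(r"ms-msdt\s*:", re.IGNORECASE)  # URI schemes are case-insensitive


def external_references(docx_bytes):
    """List (part, relationship kind, target) for external, non-hyperlink relationships."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            data = zf.read(name)
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                hits.append((name, "unexpected-dtd", ""))  # flag it, do not parse entities
                continue
            for rel in ET.fromstring(data).iter("{%s}Relationship" % PKG):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                external = rel.get("TargetMode", "").lower() == "external"
                if external and kind != "hyperlink":  # hyperlinks load only when clicked
                    hits.append((name, kind, rel.get("Target", "")))
    return hits


def references_msdt(text):
    """True if text (e.g. an HTML body saved by a proxy) mentions the ms-msdt scheme."""
    return bool(MSDT_URI.search(text))


def build_sample(rel_kind, target):
    """Constructed sample: a minimal zip with one external relationship (not a real document)."""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s/%s" '
            'Target="%s" TargetMode="External"/></Relationships>' % (PKG, DOC, rel_kind, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    remote = build_sample("attachedTemplate", "https://files.example.invalid/t.html")
    benign = build_sample("hyperlink", "https://example.com/")
    print(external_references(remote))  # one hit: the remote template reference
    print(external_references(benign))  # []
    print(references_msdt('<script>location.href = "MS-MSDT:constructed"</script>'))  # True
```

A hit is a reason to inspect the target in a sandbox, not a verdict: legitimate documents also use remote templates and linked images.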