Pelican Press (Diamond Member), posted March 9

Microsoft Office Impacted With ‘Follina’ Zero-Day Vulnerability: Researchers

Microsoft Office has been found to have a zero-day vulnerability that can allow attackers to execute code using a specially crafted Word file. Called Follina, the security issue can impact users the moment they open the malicious Word document on their system. It enables attackers to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT). Office 2013 and later versions are impacted by the Follina zero-day vulnerability, according to researchers. Microsoft has not yet released a fix.

Tokyo-based cybersecurity research team Nao_sec publicly disclosed the Follina vulnerability impacting Microsoft Office last week. Per the explanation provided by the researchers, the issue allows Microsoft Word to execute malicious code via MSDT even if macros are disabled.

Microsoft provides macros as a series of commands and instructions that users can use to automate a particular task. However, the new vulnerability lets attackers achieve a similar kind of automation without using macros.

“The document uses the Word remote template feature to retrieve a HTML file from a remote Web server, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell,” said researcher Kevin Beaumont, who examined the issue raised by Nao_sec. “That should not be possible.”

Beaumont has named the vulnerability “Follina” since the spotted sample references 0438, which is the area code of Italy’s Follina.

The vulnerability is believed to have been exploited in the wild by some attackers. Beaumont said that a file exploiting the loophole targeted a user in Russia over a month ago.

Microsoft Office versions including Office 2013 as well as Office 2021 are found to be vulnerable to attacks due to the issue. Some versions of Office included with a Microsoft 365 licence could also be targeted by attackers on both Windows 10 and Windows 11, the researchers have pointed out.

Initially, Microsoft was informed about the vulnerability in April, though the company did not consider it a security issue at the time, according to a security researcher.

Microsoft, however, finally acknowledged the existence of the vulnerability on Monday. It is tracked as CVE-2022-30190.

In a post released on the Microsoft Security Response Center blog, the Redmond company also shared some workarounds, including disabling the MSDT URL protocol and turning on the cloud-delivered protection and automatic sample submission options in Microsoft Defender.

However, Microsoft has not yet provided an exact timeline on when a fix will be available for Office users. Users, in the meantime, can stay safe by not opening any unknown Microsoft Word documents if they have an affected Office version on a Windows machine.
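One way to triage documents for the remote-retrieval behaviour Beaumont describes, as an added example that is not part of the original article: the Python below lists every external, non-hyperlink relationship in a .docx package (a heuristic that covers remote templates and goes slightly beyond them) and any embedded ms-msdt string. The names scan_docx and build_sample, the example.invalid URL and the size limit are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OD = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 5 * 1024 * 1024  # assumed limit: skip oversized parts (zip-bomb guard)

def scan_docx(data):
    """List external non-hyperlink relationships and ms-msdt strings in a .docx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART:
                findings.append({"part": info.filename, "kind": "oversized-part"})
                continue
            raw = zf.read(info)
            # Cheap extra check: per the article the scheme sits in the fetched
            # HTML, but an embedded reference is worth flagging too.
            if b"ms-msdt" in raw.lower():
                findings.append({"part": info.filename, "kind": "ms-msdt-reference"})
            if not info.filename.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                findings.append({"part": info.filename, "kind": "malformed-rels"})
                continue
            for rel in root.iter(REL):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                # Ordinary clickable links are external by design; skip them.
                if rel.get("TargetMode") == "External" and kind != "hyperlink":
                    findings.append({"part": info.filename, "kind": "external-" + kind,
                                     "target": rel.get("Target", "")})
    return findings

def build_sample(template_url=None, body="<document/>"):
    """Constructed input: a minimal zip with OOXML-style parts, not a real Word file."""
    rels = ['<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">',
            f'<Relationship Id="rId1" Type="{OD}hyperlink" '
            'Target="https://example.invalid/" TargetMode="External"/>']
    if template_url:
        rels.append(f'<Relationship Id="rId2" Type="{OD}attachedTemplate" '
                    f'Target="{template_url}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", "".join(rels))
        zf.writestr("word/document.xml", body)
    return buf.getvalue()
```

A finding is a reason to inspect the document, not proof of exploitation, since legitimate templates and linked content can also be external.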