Microsoft Office Affected by ‘Follina’ Zero-Day Vulnerability: Researchers


Microsoft Office has been found to have a vulnerability that could allow an attacker to execute code using a specially prepared Word file. The security issue, dubbed Follina, can affect users once the malicious Word document is opened on their system. The attackers were able to execute PowerShell commands via the Microsoft Diagnostic Tool (MSDT). Office 2013 and later versions are affected by the Follina zero-day vulnerability, according to researchers. Microsoft has not yet provided a fix.

Tokyo-based cyber security research team Nao_sec publicly disclosed the Follina vulnerability affecting Microsoft Office on Twitter last week. According to the researchers' explanation, the problem allows Microsoft Word to execute malicious code via MSDT even if macros are disabled.

Microsoft provides macros as a series of commands and instructions that users can use to automate a specific task. However, the new vulnerability makes it possible for attackers to achieve a similar type of automation without using macros.

“It shouldn’t be possible,” explains researcher Kevin Beaumont, who has studied the problem raised by Nao_sec.

Beaumont named the vulnerability “Follina” because the sample spotted in the file referred to 0438, the Italian region code for Follina.

Some attackers are believed to have exploited the vulnerability in the wild.

Beaumont said a file exploiting the vulnerability targeted a user in Russia more than a month ago.

Versions of Microsoft Office including Office 2013 as well as Office 2021 have been found vulnerable to attacks due to this issue. The researchers noted that some versions of Office included in the Microsoft 365 license could also be targeted by attackers on both Windows 10 and Windows 11.

The vulnerability was initially reported to Microsoft in April, although the company did not consider it a security issue at the time, a security researcher reports on Twitter.

However, Microsoft finally acknowledged the existence of the vulnerability on Monday. It is tracked as CVE-2022-30190.

In a post released on the Microsoft Security Response Center blog, Redmond also shared some workarounds, including the option to disable the MSDT URL protocol and to turn on the cloud-delivered protection and automatic sampling options in Microsoft Defender.
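The "disable the MSDT URL protocol" workaround can be applied reversibly, as in this added PowerShell example, which is not from the article or from Microsoft's post. It assumes the handler is registered under HKEY_CLASSES_ROOT\ms-msdt (a key the article does not name); the function names and the backup path are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, then remove, the ms-msdt URL protocol handler.
# Assumption: the handler key is HKEY_CLASSES_ROOT\ms-msdt (not named in the article).
$KeyPath = 'HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtProtocol {
    # Returns $true while the protocol handler key is still registered.
    Test-Path -LiteralPath "Registry::$KeyPath"
}

function Disable-MsdtProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Constructed default; pick a location only administrators can write to.
        [string]$BackupFile = "$env:ProgramData\ms-msdt-backup.reg"
    )

    if (-not (Test-MsdtProtocol)) {
        Write-Output "$KeyPath is not present; nothing to do."
        return
    }
    if (-not $PSCmdlet.ShouldProcess($KeyPath, "Export to $BackupFile and delete")) {
        return
    }

    # Export first so the change can be undone later with: reg.exe import <BackupFile>
    & reg.exe export $KeyPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
        throw "Backup of $KeyPath failed; the key was left untouched."
    }

    # Remove the handler, then confirm it is really gone.
    & reg.exe delete $KeyPath /f | Out-Null
    if ($LASTEXITCODE -ne 0 -or (Test-MsdtProtocol)) {
        throw "Could not remove $KeyPath."
    }
    Write-Output "Removed $KeyPath; backup saved to $BackupFile."
}

Disable-MsdtProtocol
```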

However, Microsoft has not yet provided an exact timeline for when a fix will be available to Office users.

In the meantime, users can stay safe by not opening any unknown Microsoft Word documents if they have an affected Office version on their Windows machine.



