• Home
  • Apps
  • Apps News
  • Microsoft Office Impacted With 'Follina' Zero Day Vulnerability: Researchers

Microsoft Office Impacted With 'Follina' Zero-Day Vulnerability: Researchers

Attackers are found to have already exploited the vulnerability and targeted some users.

Microsoft Office Impacted With 'Follina' Zero-Day Vulnerability: Researchers

Photo Credit: Microsoft

Microsoft Office users are at risk due to the "Follina" vulnerability

Highlights
  • Microsoft Office vulnerability was publicly disclosed on May 27
  • Attackers could exploit the vulnerability for code execution
  • Microsoft has acknowledged the issue and shared some workarounds

Microsoft Office is found to have a zero-day vulnerability that can allow attackers to execute code using a specially crafted Word file. Called Follina, the security issue can impact users the moment they open the malicious Word document on their system. It enables attackers to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT). Office 2013 and later versions are impacted by the Follina zero-day vulnerability, according to researchers. Microsoft has not yet brought its fix.

Tokyo-based cybersecurity research team Nao_sec publicly disclosed the Follina vulnerability impacting Microsoft Office on Twitter last week. Per the explanation provided by the researchers, the issue is allowing Microsoft Word to execute a malicious code via MSDT even if macros are disabled.

Microsoft provides macros as a series of commands and instructions that users can use to automate a particular task. However, the new vulnerability has enabled attackers to process a similar kind of automation, without using macros.

"The document uses the Word remote template feature to retrieve a HTML file from a remote Web server, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell," explains researcher Kevin Beaumont, who examined the issue raised by Nao_sec. "That should not be possible."

Beaumont has named the vulnerability "Follina" since the spotted sample on the file references 0438, which is the area code of Italy's Follina.

The vulnerability is believed to be exploited in the wild by some attackers.

Beaumont said that a file exploiting the loophole targeted a user in Russia over a month ago.

Microsoft Office versions including Office 2013 as well as Office 2021 are found to be vulnerable to attacks due to the issue. Some versions of Office included with a Microsoft 365 licence could also be targeted by attackers on both Windows 10 and Windows 11, the researchers have pointed out.

Initially, Microsoft was informed about the vulnerability in April, though the company did not consider it a security issue at the time, a security researcher on Twitter reports.

Microsoft, however, finally acknowledged the existence of the vulnerability on Monday. It is tracked as CVE-2022-30190.

In a post released on the Microsoft Security Response Center blog, the Redmond company also shared some workarounds, including the option to disable the MSDT URL protocol and turning on the turn-on cloud-delivered protection and automatic sample submission options on Microsoft Defender.

However, Microsoft has not yet provided an exact timeline on when we could see the fix coming for Office users.

Users, in the meantime, can stay safe by not opening any unknown Microsoft Word documents if they have an affected Office version on a Windows machine.


Asus India's Arnold Su joins this week's Orbital, the Gadgets 360 podcast, to talk about how the PC maker is planning to grow its presence in the country. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

India’s Attero Recycling to Spend $1 Billion by 2027, to Open Units in Poland, Ohio and Indonesia
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.