A Microsoft Office crashDiscovered by independent security researchers, it can facilitate remote execution of malicious code by simply opening a document. word. The bug, which is considered to be of high severity, was confirmed by Microsoft Monday (30).

The vulnerability, originally called “Follina”, Microsoft Diagnostic Tool (MSDT) is used by attackers to execute malicious PowerShell commands. It is characterized by the fact that it does not require elevated privileges to be exploited and is easy to avoid Windows Defender detection.

Also, it does not depend on macros or other elements normally used in virtual attacks, you just need to open a file in Word. From then on, external links from the text editor are used to execute the code remotely.

According to expert Kevin Beaumont, there is even the possibility of executing PowerShell commands without even opening a document. To do this, the cybercriminal simply has to change the file format to Rich Text Format (RTF); this is an action that also prevents the attacker from being detected by the security features included in the software.

The fix is ​​not yet available

Although it is stated by experts to be of high intensitys, the Follina vulnerability was not evaluated as such by Microsoft, First. by BleeComputerBig Tech was warned of the bug in April, but reportedly denied the notification, saying it wasn’t a security issue.

However, the Windows owner now acknowledges the flaw and gave him a code: CVE-2022-30190. The bug still has no fix, needs to be careful Disable the MSDT URL protocol and Microsoft Defender Antivirus cloud protection to reduce the risk of attack – see more details on the Microsoft page.

Those responsible for detecting the error claim that it affects Office 2013, 2016 and 2021 versions in addition to the variant. Professional Plus. Not even versions installed on Windows 11 and the recently updated ones do not pose risks such as identity theft and installing malware after exploitation.


Source: Tec Mundo

Previous articleLove, Victor 3: trailer and poster of the final season of the Disney+ series
Next article10 tech news to start your day (07/06)

LEAVE A REPLY

Please enter your comment!
Please enter your name here