Serious zero-day vulnerability discovered in Microsoft Office: one click on a document file is enough to be infected
Developers have just announced a critical zero-day vulnerability, called Follina, in the Microsoft Office suite. By successfully exploiting this vulnerability, an attacker could use a malicious Word document to trigger code execution on the victim's computer.
This vulnerability was first disclosed on May 27 by the Twitter account @nao_sec.
"The malicious document uses Word's remote template feature to retrieve an HTML file from a remote web server, then uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell commands," researcher Kevin Beaumont explains. "It's not supposed to be."
Beaumont said hackers can exploit this vulnerability even if macros have been disabled in Office applications. Office 2013, 2016, 2019 and 2021 versions with a Microsoft 365 license, on both Windows 10 and Windows 11, are affected by this vulnerability.
Kyle Hanslovan, CEO of security firm Huntress Labs, shared a video demonstrating how easily Follina can be exploited.
Everything the researchers have posted shows that this vulnerability allows hackers to execute code on the victim's machine with just one click. In addition, as Hanslovan demonstrated, hackers can execute code even if the user only previews the malicious document they receive. The attack relies entirely on the support tool (ms-msdt) and the system administration tool (PowerShell) that come pre-installed on Windows.
Twitter user @crazyman_army said he reported the vulnerability to Microsoft on April 12 but received a response on April 21 that it was not a security issue.
Temporary fix
Because Microsoft has not yet acknowledged the vulnerability, there is currently no official fix. To reduce the risk, you can apply the following workarounds:
- Turn off Preview mode in Windows Explorer: Open Windows Explorer, then go to the View tab and select Hide Preview Pane.
- Download the file unregister-msdt.reg from GitHub, then double-click the file to apply it. If the User Account Control window appears, select Yes.
- Update anti-virus software and check files before opening with VirusTotal.
- If you receive a Word, Excel or PPT file, try opening it with Google Docs, Sheets or Slides.
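To go with the "check files before opening" step, and based on Beaumont's description of a document that pulls an HTML file from a remote server, here is an added triage example (not code from the article or from the researchers). It lists external relationships in an OOXML file that are not plain hyperlinks. The function names, the `example.invalid` target and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MSDT = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_ooxml(data: bytes) -> list:
    """Return (part, finding, detail) tuples for an OOXML file passed as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            body = zf.read(name)
            # Per the article the ms-msdt: URI sits in the fetched HTML, but
            # flagging it inside any document part costs nothing.
            if MSDT.search(body):
                findings.append((name, "ms-msdt-uri", "scheme string present"))
            if not name.endswith(".rels"):
                continue
            try:
                # ElementTree does not fetch external entities; prefer defusedxml
                # when scanning untrusted files in production.
                root = ET.fromstring(body)
            except ET.ParseError:
                findings.append((name, "malformed-rels", ""))
                continue
            for rel in root.iter("{%s}Relationship" % PKG_NS):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                # Hyperlinks are followed only on click; other external targets
                # (templates, linked objects) can be fetched when the file opens.
                if kind != "hyperlink":
                    findings.append((name, "external-" + kind, rel.get("Target", "")))
    return findings


def build_sample(kind: str, target: str) -> bytes:
    """Constructed test input: a zip holding one external relationship."""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s%s" '
            'Target="%s" TargetMode="External"/></Relationships>' % (PKG_NS, DOC_REL, kind, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

An empty result does not make a file safe. It only means this one indicator is absent, so the other steps in the list still apply.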
TipsMake.com will update this article as soon as there is new information or an official patch for the Follina vulnerability.