Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
Developers have just announced a critical zero-day vulnerability called Follina in the Microsoft Office suite of office tools. Successfully exploiting this vulnerability, an attacker could use a malicious Word document to trigger code execution on the victim's computer.
This vulnerability was first disclosed on May 27 by the Twitter account @nao_sec.
"The malicious document uses Word's remote template feature to retrieve an HTML file from a remote web server then uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell commands," the researcher said. Researcher Kevin Beaumont explains. "It's not supposed to be."
Beaumont said hackers can exploit this vulnerability even if the macro features have been disabled on Office applications. Office 2013, 2016, 2019, 2021 versions with Microsoft 365 license on both Windows 10 and Windows 11 are vulnerable to this vulnerability.
Kyle Hanslovan, CEO of security firm Huntress Labs, shared a video showing Follina through its ease of exploitation.
Everything the researchers posted shows that this vulnerability allows hackers to execute code on the victim's machine with just one click. In addition, as Hanslovan demonstrated, hackers can execute code even if the user performs a preview of the malicious document they receive. It's all about the support tools (ms-msdt) and system administration tools (PowerShell) that come pre-installed on Windows.
Twitter user @crazyman_army said he reported the vulnerability to Microsoft on April 12 but received a response on April 21 that it was not a security issue.
Temporary fix
Currently, because Microsoft has not recognized the vulnerability, there is no official fix from Microsoft. To solve the problem you can perform the following methods:
- Turn off Preview mode in Windows Explorer: Open Windows Explorer, then go to the View tab and select Hide Preview Pane.
- Download the file unregister-msdt.reg from GitHub then double click on the file to apply. If the User Account Control window appears, select Yes.
- Update anti-virus software and check files before opening with VirusTotal.
- If you receive a Word, Excel or PPT file, try opening it with Google Docs, Sheets or Slides.
TipsMake.com will continue to update as soon as there is information or an official patch of this Follina vulnerability.
David PacYou should read it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- 12-year vulnerability in pkexec gives hackers root privileges on Linux
- Detecting a vulnerability that makes 3,000 companies using Microsoft Azure vulnerable to hackers reading data over the past 2 years
- What is VENOM Vulnerability? How can you protect yourself?
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
- Steps to fix PrintNightmare vulnerability on Windows 10
May be interested
- Detects 'long-standing' security vulnerabilities in Microsoft Office
security firm bkav on july 22 has warned that a microsoft office vulnerability has been quietly exploited since 2009. - How to Reduce a Microsoft Word File Sizethis wikihow teaches you how to reduce the file size of a microsoft word document. if your word file is too big, it's often because the images in your document weren't inserted properly or aren't compressed enough. you can reduce the size...
- How to Protect a Documentthis wikihow teaches you how to add a password to a document in order to prevent anyone who doesn't have the password from opening it. you can assign passwords to microsoft office documents on both windows and mac computers, as well as to...
- A good tip for a non-stick pan is to be durable and not be closethe sharing below will help you to use the non-stick pan more effectively. let's refer to offline!
- How to Format a Word Documentmicrosoft wordhttps://products.office.com/en-us/word is the world's most popular word document program. depending on what kind of legal, formal, or personal paper you're writing, each of these will need its own formatting guidelines. if...
- What is the XLSX file? What software to read?similar to the doc file in microsoft word, users are too familiar with the xls format file in microsoft excel. therefore, many people will be surprised to receive the xlsx file. so please consult our information.
- How to Convert an RTF File into MS Word Documentthis wikihow teaches you how to convert an rtf (rich text format) document using microsoft word or using google docs. open microsoft word. it's a blue app that looks like a book of writing with a white 'w' on it.
- Instructions for opening and converting Microsoft Works file formatshow will you do if you have to use a microsoft works document (* .wps) while your computer does not install the microsoft office product suite?
- How to Convert a WordPerfect Document to a Microsoft Word Documentthis tipsmake teaches you how to convert a wordperfect document (*.wpd) to the microsoft word (*.docx) format. go to https://document.online-convert.com/convert-to-docx in a web browser. this is a free tool called online convert, which you...
- Ignore the file storage option in Office 2013every time you use editing applications in office 2013, when you save a new document, the editing interface will switch to the backstage interface so you can choose where to store the file, including selecting skydrive or anywhere. that's in the computer.
Security solution
- ChromeLoader malware rages around the world, attacking both Windows and Mac
- 8 Reasons Password Managers Aren't As Secure As You Think
- These Apps Will Steal Your Facebook Password and Cryptocurrency
- Can a VPN Protect You From Ransomware?
- Detected a security flaw in Lenovo's UEFI firmware, affecting 100 laptop models
- Microsoft Defender disappoints in its ability to work offline, the detection rate of security risks is just over 60%
ChromeLoader malware rages around the world, attacking both Windows and Mac
8 Reasons Password Managers Aren't As Secure As You Think
These Apps Will Steal Your Facebook Password and Cryptocurrency
Can a VPN Protect You From Ransomware?
Detected a security flaw in Lenovo's UEFI firmware, affecting 100 laptop models
Microsoft Defender disappoints in its ability to work offline, the detection rate of security risks is just over 60%