New Follina zero-day vulnerability in Microsoft Office works even with macros disabled


In a nutshell: Follina doesn’t require elevated privileges or Office macros to be enabled, and it doesn’t get detected by Windows Defender. It works on most fully-updated Office versions and operating systems, with researchers pointing out that it can be exploited even if a user selects a malicious file in Windows Explorer.

Researchers have just revealed a new zero-day vulnerability in Microsoft Office, which the infosec community has dubbed Follina. It allows attackers to execute Powershell commands via Microsoft Diagnostic Tool (MSDT) once a malicious Word document is opened.

What makes this vulnerability especially dangerous is that it completely bypasses Windows Defender detection, works without elevated privileges and doesn’t require Office macros to be enabled. So far, it’s been confirmed to be present in Office 2013, 2016, 2019, 2021, and a few versions included with a Microsoft 365 license on both Windows 10 and 11.

As Kevin Beaumont explains, a malicious document uses the Word remote template feature to retrieve an HTML file from a remote web server. This, in turn, uses the ms-msdt MSProtocol Uniform Resource Identifier (URI) scheme to execute code in Powershell.

Protected View, a feature that alerts users of files from potentially unsafe locations, does activate and flag the document as potentially malicious. However, by converting the document to a Rich Text Format (RTF) file, the vulnerability can be exploited simply by selecting the file (without opening it) if Windows Explorer’s preview pane option is enabled.

Interestingly, Microsoft was informed of this vulnerability in April, yet it decided to dismiss it as the company couldn’t replicate it.

Huntress Labs, a cybersecurity company, says it expects attackers to exploit Follina through email-based delivery and warns people to be vigilant about opening any attachments until the vulnerability gets patched.





Source link

Related articles

EnerMech lands pre-commissioning contract for Salamanca FPU in U.S. Gulf

EnerMech has secured a major contract from LLOG Exploration Co. for pre-commissioning providers...

10 habits you want if you wish to earn money doing what you like

There’s a dream that a variety of us share: waking up every day excited to do the work we love and really getting paid for it.  However let’s be sincere, making a dwelling doing...

Apple Would Be Value Half as A lot If It Stopped Manufacturing in China

A number of years earlier than Donald J. Trump entered politics, Apple and its companions constructed huge factories throughout China to assemble iPhones. Mr. Trump first campaigned for president by promising his supporters...

American Airways’ Subsequent Chapter: Between Growth And Hazard (NASDAQ:AAL)

This textual content was written by My expert background spans quite a few continents and comprises experience in private banking, firm finance, and strategic advisory. For quite a few years, I developed and led...
spot_img

Latest articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

WP2Social Auto Publish Powered By : XYZScripts.com