New Follina zero-day vulnerability in Microsoft Office works even with macros disabled


In a nutshell: Follina doesn’t require elevated privileges or Office macros to be enabled, and it doesn’t get detected by Windows Defender. It works on most fully-updated Office versions and operating systems, with researchers pointing out that it can be exploited even if a user selects a malicious file in Windows Explorer.

Researchers have just revealed a new zero-day vulnerability in Microsoft Office, which the infosec community has dubbed Follina. It allows attackers to execute PowerShell commands via the Microsoft Support Diagnostic Tool (MSDT) once a malicious Word document is opened.

What makes this vulnerability especially dangerous is that it completely bypasses Windows Defender detection, works without elevated privileges and doesn’t require Office macros to be enabled. So far, it’s been confirmed to be present in Office 2013, 2016, 2019, 2021, and a few versions included with a Microsoft 365 license on both Windows 10 and 11.

As Kevin Beaumont explains, a malicious document uses the Word remote template feature to retrieve an HTML file from a remote web server. That HTML file, in turn, uses the ms-msdt MSProtocol Uniform Resource Identifier (URI) scheme to execute code in PowerShell.

Protected View, a feature that alerts users to files from potentially unsafe locations, does activate and flag the document as potentially malicious. However, by converting the document to a Rich Text Format (RTF) file, the vulnerability can be exploited simply by selecting the file (without opening it) if Windows Explorer’s preview pane option is enabled.

Interestingly, Microsoft was informed of this vulnerability in April, yet it decided to dismiss it as the company couldn’t replicate it.

Huntress Labs, a cybersecurity company, says it expects attackers to exploit Follina through email-based delivery and warns people to be vigilant about opening any attachments until the vulnerability gets patched.




