A new zero-day vulnerability found in Microsoft Office can allow attackers to execute a code in a user’s computer using a malicious Microsoft Word file.
The vulnerability, named Follina infects the user’s system the moment they open the malicious Word document. The document does this by executing something called a PowerShell command and it does so by using the Microsoft Diagnostic Tool. Researchers suggest that the Follina vulnerability has impacted Office 2013 and newer versions. Microsoft has not issued a fix yet.
ALSO READ: Zoom Has A New Malware Threat That Can Be Used To Attack Your Phone: All Details
The Follina vulnerability was first found by Nao_sec, a Tokyo-based cybersecurity research organisation. It disclosed the Follina vulnerability in a post on Twitter last week. According to the cybersecurity firm, the issue allows the attackers to use Microsoft Word to execute a malicious code on the victim’s computer.
A security researcher named Kevin Beaumont says that the document uses the Word remote template feature to retrieve an HTML file from a remote server, which in turn uses a Microsoft protocol to load some code and execute PowerShell. He said that a file exploiting a loophole targeted a user in Russia about a month ago.
ALSO READ: DuckDuckGo Faces Backlash for Allowing Microsoft to Track Data
Microsoft Office 2013 and later versions, including Office 2021 have been found vulnerable to the attacks. Some versions included with a Microsoft 365 license couuld also be vulnerable on both Windows 10 and Windows 11 systems.
Microsoft has been informed about the vulnerability, but the tech giant is yet to launch a fix for this issue. It is also being said that Microsoft did not consider this a security issue initially. While it has acknowledged the vulnerability, Microsoft is yet to release a fix for this.
Read all the Latest Tech News here
Comments
0 comment