Security News > 2022 > May > Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.

According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "Ms-msdt://" URI scheme to run the malicious payload. MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.

"There's a lot going on here, but the first problem is Microsoft Word is executing the code via msdt even if macros are disabled," Beaumont explained.

Multiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.

What's more, Richard Warren of NCC Group managed to demonstrate an exploit on Office Professional Pro with April 2022 running on an up-to-date Windows 11 machine with the preview pane enabled.

We have reached out to Microsoft for comment, and we'll update the story once we hear back.

News URL

https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html