Security News > 2022 > May > Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.
According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "Ms-msdt://" URI scheme to run the malicious payload. MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.
"There's a lot going on here, but the first problem is Microsoft Word is executing the code via msdt even if macros are disabled," Beaumont explained.
Multiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.
What's more, Richard Warren of NCC Group managed to demonstrate an exploit on Office Professional Pro with April 2022 running on an up-to-date Windows 11 machine with the preview pane enabled.
We have reached out to Microsoft for comment, and we'll update the story once we hear back.
News URL
https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html
Related news
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Exploit code for Palo Alto Networks zero-day now public (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)