Security News > 2022 > May > Mysterious “Follina” zero-day hole in Office – here’s what to do!

Mysterious “Follina” zero-day hole in Office – here’s what to do!
2022-05-31 18:01

More precisely, perhaps, it's a code execution security hole hole that can be exploited by way of Office files, though for all we know there may be other ways to trigger or abuse this vulnerability.

On Windows, ms-msdt: is a proprietary URL type that launches the MSDT software toolkit.

The command line supplied to MSDT via the URL causes it to run untrusted code.

No Visual Basic for Applications Office macros are involved, so this trick works even if you have Office macros turned off completely.

Simply put, this looks like what you might call a handy Office URL "Feature", combined with a helpful MSDT diagnostic "Feature", to produce an abusable security hole that can cause a "Click-to-pwn" remote code execution exploit.

As convenient as Microsoft's proprietary ms-xxxx URLs may be, the fact that they're designed to launch processes automatically when specific types of file are opened, or even just previewed, is clearly a security risk.


News URL

https://nakedsecurity.sophos.com/2022/05/31/mysterious-follina-zero-day-hole-in-office-what-to-do/