Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said.
The remote code execution flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support Diagnostic Tool (MSDT), which, ironically, itself collects information about bugs in the company's products and reports it to Microsoft Support.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," Microsoft explained in its guidance on the Microsoft Security Response Center.
Researchers from Shadow Chaser Group noticed it on April 12 in a bachelor's thesis from August 2020 (with attackers apparently targeting Russian users) and reported it to Microsoft on April 21, according to research firm Recorded Future's The Record.
If the calling application is an Office app, then by default Office opens the document from the internet in Protected View and Application Guard for Office, "both of which prevent the current attack," Microsoft said.
What's more, the workaround that Microsoft currently offers itself has issues and won't provide much of a fix in the long term, especially with the bug under attack, Grafi said.
News URL
https://threatpost.com/microsoft-workaround-0day-attack/179776/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 8.8 |