Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack (Security News, June 2022)
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said.
The remote code execution flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support Diagnostic Tool (MSDT), which, ironically, itself collects information about bugs in the company's products and reports it to Microsoft Support.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," Microsoft explained in its guidance on the Microsoft Security Response Center.
Researchers from Shadow Chaser Group noticed it on April 12 in a bachelor's thesis from August 2020, with attackers apparently targeting Russian users, and reported it to Microsoft on April 21, according to research firm Recorded Future's The Record.
If the calling application is an Office app, then by default Office opens documents from the internet in Protected View and Application Guard for Office, "both of which prevent the current attack," Microsoft said.
What's more, the workaround that Microsoft currently offers has issues of its own and won't provide much of a fix in the long term, especially with the bug under attack, Grafi said.
News URL
https://threatpost.com/microsoft-workaround-0day-attack/179776/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 8.8 |