Security News > 2022 > June > Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said.
The remote control execution flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support Diagnostic Tool, which, ironically, itself collects information about bugs in the company's products and reports to Microsoft Support.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," Microsoft explained in its guidance on the Microsoft Security Response Center.
Researchers from Shadow Chaser Group noticed it on April 12 in a bachelor's thesis from August 2020-with attackers apparently targeting Russian users-and reported to Microsoft on April 21, according to research firm Recorded Future's The Record.
If the calling application is an Office app then by default, Office opens the document from the internet in Protected View and Application Guard for Office, "Both of which prevent the current attack," Microsoft said.
What's more, the workaround that Microsoft currently offers itself has issues and won't provide much of a fix in the long-term, especially with the bug under attack, Grafi said.
News URL
https://threatpost.com/microsoft-workaround-0day-attack/179776/
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 0.0 |