Security News
Follina abuses Microsoft Office to execute remote code. CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.
Microsoft Office apps - including Outlook and Teams - are vulnerable to homograph attacks based on internationalized domain names. "Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open," Bitdefender researchers warned.
BeyondTrust's recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. In this video for Help Net Security, Morey Haber, Chief Strategy Officer at BeyondTrust, talks about this report, which analyzes data from security bulletins publicly issued by Microsoft throughout the previous year.
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. While most Windows searches will look on the local device's index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.
Microsoft sets multi-factor authentication as default for all Azure AD customers. In a new blog post, the company revealed that it's adding multi-factor authentication as the default security setting for existing Azure customers who haven't changed that setting on their own.
Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers have already used to target organizations in Russia and Tibet, researchers said. The remote code execution flaw, tracked as CVE-2022-30190, is associated with the Microsoft Support Diagnostic Tool, which, ironically, itself collects information about bugs in the company's products and reports to Microsoft Support.
An advanced persistent threat actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in a tweet.
Microsoft has whipped out the rebranding team once more, and chosen the name "Entra" as a catch-all for the company's identity and access capabilities. Sadly nothing to do with the sometimes-missed Encarta, the encyclopaedia launched by Microsoft back in the 1990s and eventually killed off in the first decade of the twenty-first century, Entra is not so much about squinting at postage stamp-sized bits of video and more about Azure Active Directory and Cloud Infrastructure Entitlement Management.
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.