Security News

Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft's ubiquitous Office software. Dubbed "Follina", the vulnerability has been floating around for a while and uses Office functionality to retrieve a HTML file which in turn makes use of the Microsoft Support Diagnostic Tool to run some code.

A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw a remote Word template feature. Noted security researcher Kevin Beaumont dubbed the vulnerability "Follina", explaining the zero day code references the Italy-based area code of Follina - 0438.Beaumont said the flaw is abusing the remote template feature in Microsoft Word and is not dependent on a typical macro-based exploit path, common within Office-based attacks.

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool simply by opening a Word document.The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as 'Follina,' is leveraged using malicious Word documents that execute PowerShell commands via the MSDT. This new Follina zero-day opens the door to a new critical attack vector leveraging Microsoft Office programs as it works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "Ms-msdt://" URI scheme to run the malicious payload. MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.

During the Build 2022 developer conference, Microsoft announced a number of new features for Windows 11, including an improved Windows Subsystem for Android and more. Microsoft is upgrading the Android OS within the subsystem to Android 12L and adding support for advanced networking, so your mobile apps can easily communicate with devices outside the virtualization environment.

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team said in a report published Friday.

Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. "The apps were embedded in the devices' system image, suggesting that they were default applications installed by phone providers," according to security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team.

Microsoft has announced that it will automatically enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory tenants in late June 2022.First introduced in October 2019 only for new tenants, security defaults are a set of basic security mechanisms designed to introduce good identity security hygiene with a minimum of effort, even for organizations that don't have an IT team.

Critical Microsoft vulnerabilities decreased 47% in 2021.Overall vulnerabilities across all Microsoft products decreased five percent in 2021, according to the annual BeyondTrust Microsoft Vulnerabilities 2022 report.

Microsoft's Windows Hardware Compatibility Program has confirmed that Windows 11 22H2 build 22621 is the Released to Manufacturing build, meaning that the development of Window's 11 next feature update is ready for release. Microsoft confirmed the build in a new post by the Windows Hardware Compatibility Program, listing new policies and development kits for hardware developers creating drivers for Windows 11 22H2. This blog post lists the requirements and timeline for when developers can start submitting new drivers for Windows 11 22H2. As part of this information, Microsoft states that the minimum acceptable build for Windows 11 22H2 is the RTM build, 22621.