Security News

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "Ms-msdt://" URI scheme to run the malicious payload. MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.

Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. The Windows Insider team started rolling out a new 'Your Microsoft account' settings page within Windows 11's Settings in October 2021.

Microsoft has reminded customers earlier this week that Microsoft Office 2013 is approaching its end of support next year, advising them to switch to a newer version to reduce their exposure to security risks. "After five years of Mainstream Support, and five years of Extended Support, Office 2013 will reach the End of Extended Support on April 11, 2023. Per the Fixed Lifecycle Policy, after this date security updates for Office 2013 will no longer be available," Microsoft told customers.

Windows Autopatch is an automated, managed service by Microsoft to keep Windows and Office always up-to-date. "Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates. Drivers and firmware that are published to Windows Update as Automatic will be delivered as part of Windows Autopatch," Lior Bela, a Senior Product Marketing Manager on the Microsoft 365 team, explained.

An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems. The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector."Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," Kellie Eickmeyer said in a post announcing the move.

Macro code from the internet will at last be turned off by default! If you've been in cybersecurity since the last millennium, you will certainly remember, and may still have occasional nightmares about, Microsoft Office macro viruses.

Aims to make life harder for miscreants Microsoft Office will soon block untrusted Visual Basic for Applications (VBA) macros sourced from the internet by default – a security measure users can...

Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. Using VBA macros embedded in malicious Office documents is a very popular method to push a wide range of malware families in phishing attacks, including Emotet, TrickBot, Qbot, and Dridex.