Security News

More precisely, perhaps, it's a code execution security hole hole that can be exploited by way of Office files, though for all we know there may be other ways to trigger or abuse this vulnerability. On Windows, ms-msdt: is a proprietary URL type that launches the MSDT software toolkit.

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.

A newly numbered Windows zero-day vulnerability is being exploited in the wild via specially crafted Office documents, security researchers are warning. Boobytrapped office files delivered via email are one of the most common tactics attackers use to compromise endpoints, and they are constantly finding new ways to hide the documents' malicious nature from existing security defenses, solutions, as well as users/targets.

Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft's ubiquitous Office software. Dubbed "Follina", the vulnerability has been floating around for a while and uses Office functionality to retrieve a HTML file which in turn makes use of the Microsoft Support Diagnostic Tool to run some code.

A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw a remote Word template feature. Noted security researcher Kevin Beaumont dubbed the vulnerability "Follina", explaining the zero day code references the Italy-based area code of Follina - 0438.Beaumont said the flaw is abusing the remote template feature in Microsoft Word and is not dependent on a typical macro-based exploit path, common within Office-based attacks.

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool simply by opening a Word document.The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as 'Follina,' is leveraged using malicious Word documents that execute PowerShell commands via the MSDT. This new Follina zero-day opens the door to a new critical attack vector leveraging Microsoft Office programs as it works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "Ms-msdt://" URI scheme to run the malicious payload. MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group. Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices. The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.