Cybersecurity researchers have discovered a zero-day vulnerability in Microsoft Office called Follina. It can be used to compromise a computer through malicious Word documents.
On Twitter, anti-phishing extension provider Wallet Guard said the vulnerability could allow attackers to take control of a victim’s computer without opening the file.
This exploit is a mountain of exploits overlaid on top of each other. Unfortunately, it is easy to recreate and cannot be detected by antivirus, Wallet Guard reported.
The attack works by using Microsoft Office documents to open the Microsoft Diagnostics Tool (MSDT) file handler. Attackers can use phishing or social engineering to get users to open an attached file and from that point gain access to the victim’s entire system.
In response to the vulnerability, Microsoft published guidance along with a security update under CVE-2022-30190. In a blog post, Microsoft acknowledged that attackers could use the vulnerability to successfully install programs, view, modify or delete data, or create new accounts.
Users of the Microsoft Cloud-Delivered Protection Service are likely to be protected, but researchers recommended disabling the MSDT URL protocol as a workaround so that troubleshooting tools cannot be launched from links.
Wallet Guard experts suggested that Microsoft Defender Attack Surface Reduction (ASR) users switch the “Block all Office applications from creating child processes” setting to “Block Mode.”
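The two mitigations above (disabling the MSDT URL protocol and putting the Office child-process ASR rule in Block mode) can be checked and applied with a short script. This is an added example, not code from Microsoft or Wallet Guard. The registry key and rule GUID come from Microsoft's public documentation rather than from this article, and the backup file path is an assumption.

```powershell
# Added example: report on, and optionally apply, the two mitigations above.
# Run from an elevated PowerShell prompt. Without -Apply nothing is changed.
param([switch]$Apply)

# ms-msdt: URL protocol handler key and the ASR rule GUID for "Block all Office
# applications from creating child processes" (both from Microsoft's
# documentation, not from this article).
$MsdtKey    = 'HKEY_CLASSES_ROOT\ms-msdt'
$AsrRuleId  = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
$BackupFile = Join-Path $env:TEMP 'ms-msdt-backup.reg'  # assumed backup path
$AsrNames   = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrAction {
    # Rule IDs and actions are parallel arrays in the Defender preferences.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $AsrRuleId) { return [int]$actions[$i] }
    }
    return 0  # rule not configured
}

if ($Apply) {
    if (Test-Path -LiteralPath "Registry::$MsdtKey") {
        # Export first so the handler can be restored later with "reg import".
        reg.exe export $MsdtKey $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup failed; $MsdtKey left in place." }
        reg.exe delete $MsdtKey /f | Out-Null
    }
    if ((Get-AsrAction) -ne 1) {
        # Add-MpPreference keeps other configured ASR rules intact.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId `
                         -AttackSurfaceReductionRules_Actions Enabled
    }
}

$action = Get-AsrAction
[pscustomobject]@{
    MsdtUrlProtocolRegistered = Test-Path -LiteralPath "Registry::$MsdtKey"
    OfficeChildProcessAsrRule = $AsrNames[$action]
    MsdtBackupFile            = if (Test-Path $BackupFile) { $BackupFile } else { $null }
}
```

A hardened host reports `MsdtUrlProtocolRegistered` as `False` and `OfficeChildProcessAsrRule` as `Block`.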
The researchers warn against downloading .doc, .docx, and .rtf files and advise accepting PDF documents with other extensions as well.