June 5, 2023

Hackers are exploiting a vulnerability in Microsoft Office that enables them to fetch malicious code without detection in a multi-stage attack.

The exploit, dubbed named Follina, abuses the remote template feature in Microsoft Word. Researcher spotted that the zero day exploit embedded in a Word document first loads a HTML file from a remote webserver.

Advertisements

It then uses the MSDT diagnotics tool handler, which is registered for the MS Office protocol, to execute Windows PowerShell code. The exploit works even with Office macros, traditionallyused to run malware, disabled.

Microsoft’s Defender for Endpoint does not currently detect Follina, and the exploit works on the older Office 2013 and 2016 variants.

Another researcher, Didier Stevens, discovered that Follina MSDT exploit working on a fully patched version of Office 2021.

Users with an Office E5 licence can add a Defender for Endpoint query to alert about the exploit, which currently passes the anti-malware tool undetected.

Advertisements

This ZeroDay exploit was discovered by Japanese security vendor Nao Sec, submitted from Belarus.

Tags:

You may have missed

BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
%d bloggers like this: