September 30, 2023

Hackers are exploiting a vulnerability in Microsoft Office that enables them to fetch malicious code without detection in a multi-stage attack.

The exploit, dubbed named Follina, abuses the remote template feature in Microsoft Word. Researcher spotted that the zero day exploit embedded in a Word document first loads a HTML file from a remote webserver.

Advertisements

It then uses the MSDT diagnotics tool handler, which is registered for the MS Office protocol, to execute Windows PowerShell code. The exploit works even with Office macros, traditionallyused to run malware, disabled.

Microsoft’s Defender for Endpoint does not currently detect Follina, and the exploit works on the older Office 2013 and 2016 variants.

Another researcher, Didier Stevens, discovered that Follina MSDT exploit working on a fully patched version of Office 2021.

Users with an Office E5 licence can add a Defender for Endpoint query to alert about the exploit, which currently passes the anti-malware tool undetected.

Advertisements

This ZeroDay exploit was discovered by Japanese security vendor Nao Sec, submitted from Belarus.

Tags:

You may have missed

Johnson Controls Ransomware Attack

September 30, 2023

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023
%d bloggers like this: