Microsoft Office Zero-Day Vulnerability Revealed

A new zero-day security vulnerability in Microsoft Office allows attackers to run PowerShell commands through the Microsoft Diagnostic Tool (MSDT) simply by having a user open a Word document. It could allow a remote, unauthenticated attacker to take control of a vulnerable system. Security researcher Kevin Beaumont named the vulnerability “Follina” after identifying a malicious Word document submitted to Google-owned VirusTotal on May 25 from an IP address in Belarus; the name comes from the Italian area code of Follina, 0438.
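The process chain described above (a Word document launching MSDT, which in turn launches PowerShell) is the kind of parent/child relationship a defender can hunt for in endpoint telemetry. The following Python is an added detection example, not code from the article or from any of the vendors quoted; the event shape and the sample events are constructed to resemble process-creation logs, and the process names used as indicators are assumptions about what such a chain looks like.

```python
import ntpath

# Constructed sample process-creation events in a Sysmon-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3900, "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\msdt.exe"},
    # A user opening a troubleshooter from the desktop: same binary, benign parent.
    {"pid": 5010, "ppid": 1200, "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    # Word spawning its print helper: Office parent, but not MSDT.
    {"pid": 5200, "ppid": 3900, "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}


def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def classify(event):
    """Label one process-creation event, or return None when it looks benign."""
    child, parent = basename(event["image"]), basename(event["parent_image"])
    if parent in OFFICE_APPS and child == "msdt.exe":
        return "office-spawned-msdt"
    if parent == "msdt.exe" and child in SHELLS:
        return "msdt-spawned-shell"
    return None


def lineage(event, by_pid):
    """Walk pid/ppid links to render the ancestry, e.g. 'winword.exe -> msdt.exe -> powershell.exe'."""
    names = [basename(event["parent_image"]), basename(event["image"])]
    cur = event
    while cur["ppid"] in by_pid:          # stop when the parent is outside our window
        cur = by_pid[cur["ppid"]]
        names.insert(0, basename(cur["parent_image"]))
    return " -> ".join(names)


def find_chains(events):
    """Return (label, lineage) for every suspicious event, in log order."""
    by_pid = {e["pid"]: e for e in events}
    return [(label, lineage(e, by_pid))
            for e in events if (label := classify(e)) is not None]
```

Running `find_chains(SAMPLE_EVENTS)` flags the two Word-rooted events and leaves the Explorer-launched troubleshooter and the print helper alone.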

Users should be cautious about opening attachments, according to cybersecurity firm Huntress, and should be aware that the attack can be triggered by “a hover-preview of a downloaded file that does not require any clicks (post download).” Given its ability to bypass Windows Defender, Bugcrowd Chief Technology Officer (CTO) Casey Ellis said the vulnerability appears to be trivially exploitable and very powerful and flexible within the security context of the logged-in user.

“It’s also extremely risky in that Microsoft macros are the most common target for code execution payloads via Microsoft Office products,” he writes, adding that “user awareness training on ‘Not Enabling Macros’ does not minimize the risk.”

Microsoft has acknowledged active exploitation of the vulnerability in the wild and, after the vulnerability was revealed, published a workaround but not a patch.

The mitigations offered are “messy workarounds” whose impact the industry has not yet had time to investigate. According to John Hammond, Senior Security Researcher at Huntress, “they entail modifying settings in the Windows Registry, which is serious business because an erroneous Registry entry might brick your machine.”

A Chinese state-sponsored hacking group was detected exploiting the zero-day in attacks on institutions linked with the Tibetan Government in Exile, according to cybersecurity firm Proofpoint.

According to ColorTokens CTO Harisk Akali, nefarious actors have been exploiting Follina since April. “The relevance of zero trust architecture and solutions based on that principle is highlighted by this occurrence,” Akali explains. “Only valid and authorized network interactions and processes on a computer would be allowed under such a system.”
