A new vulnerability has emerged in Microsoft Office

A new zero-day vulnerability has been identified in many Microsoft Office versions. Security researchers say the new vulnerability could be used to execute code remotely.
 A new vulnerability has emerged in Microsoft Office
READING NOW A new vulnerability has emerged in Microsoft Office

Independent cybersecurity research group Nao_Sec announced that a new zero-day vulnerability has been identified in Microsoft Office. The team, who discovered the new vulnerability, called Follina, in a Word file named 05-2022-0438.doc, which was first uploaded to VirusTotal from a Belarus-based IP address on May 27, states that the vulnerability can be used for malicious purposes.

May lead to data theft

Noting on Twitter about the new vulnerability, Nao_Sec said that attackers used the “Word remote template feature to retrieve HTML file from a remote web server, and then ‘ms’ to execute PowerShell code. He explained that he was using the ‘-msdt’ (Microsoft Support Diagnostic Tool) scheme. However, the Microsoft Support Diagnostic Tool, which is included in the descriptions, is known as a program that allows the collection of diagnostic data for problem detection and fixes.

Baydöner customers’ data leaked

Added 4 days ago

New vulnerability in MS Office and MS Confirming that it can be used remotely to execute arbitrary code on various versions of Windows, many security researchers reported that the latest Office and Insider versions are safe, but multiple Office versions are vulnerable, such as Office Pro Plus, Office 2013, Office 2016, and Office 2021.

  • Home
  • Internet
  • Cyber ​​Security News
  • A new vulnerability has emerged in Microsoft Office

Comments
Leave a Comment

Details
218 read
okunma18940
0 comments