Independent cybersecurity research group Nao_Sec announced that a new zero-day vulnerability has been identified in Microsoft Office. The team, who discovered the new vulnerability, called Follina, in a Word file named 05-2022-0438.doc, which was first uploaded to VirusTotal from a Belarus-based IP address on May 27, states that the vulnerability can be used for malicious purposes.
May lead to data theft
Noting on Twitter about the new vulnerability, Nao_Sec said that attackers used the “Word remote template feature to retrieve HTML file from a remote web server, and then ‘ms’ to execute PowerShell code. He explained that he was using the ‘-msdt’ (Microsoft Support Diagnostic Tool) scheme. However, the Microsoft Support Diagnostic Tool, which is included in the descriptions, is known as a program that allows the collection of diagnostic data for problem detection and fixes.
Baydöner customers’ data leaked
New vulnerability in MS Office and MS Confirming that it can be used remotely to execute arbitrary code on various versions of Windows, many security researchers reported that the latest Office and Insider versions are safe, but multiple Office versions are vulnerable, such as Office Pro Plus, Office 2013, Office 2016, and Office 2021.
- Home
- Internet
- Cyber Security News
- A new vulnerability has emerged in Microsoft Office