Microsoft

A zero-day remote code execution vulnerability named 'Follina' in Microsoft Office discovered recently has the potential for code execution if a victim opens a malicious document in Word.

The vulnerability abuses the ability of MSDT to load other assistants “wizards” in Windows, which in turn have the ability to execute arbitrary code from a remote location.

It can also allow the attacker to view and edit files, install programs and create new user accounts to the limit of the compromised user’s access rights.

The initial versions spotted in the wild required the target to open the malicious document in Word, but the recently discovered variant uses Rich Text Format (.RTF) works only if the user simply selects the file in Windows Explorer.

Microsoft has yet not issued a patch but has suggested disabling the MSDT URL Protocol to cut off the attack sequence.

Source: https://www.cpomagazine.com/cyber-security/zero-day-remote-code-execution-vulnerability-found-in-microsoft-office-no-patch-yet-but-possible-fix-available/

"id": "MIC14326622",
"linkid": "microsoft",
"type": "Vulnerability",
"date": "06/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"