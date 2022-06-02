CHANGE LANGUAGE
A New Follina Zero-Day Vulnerability Is Exploiting Microsoft Word Files To Attack Windows Systems
1-MIN READ

A New Follina Zero-Day Vulnerability Is Exploiting Microsoft Word Files To Attack Windows Systems

The vulnerability can be exploited in both Windows 10 and Windows 11.

The vulnerability can be exploited in both Windows 10 and Windows 11.

Microsoft has been informed about the vulnerability, but the tech giant is yet to launch a fix for this issue. It is also being said that Microsoft did not consider this a security issue initially.

Tech Desk

A new zero-day vulnerability found in Microsoft Office can allow attackers to execute a code in a user’s computer using a malicious Microsoft Word file.

The vulnerability, named Follina infects the user’s system the moment they open the malicious Word document. The document does this by executing something called a PowerShell command and it does so by using the Microsoft Diagnostic Tool. Researchers suggest that the Follina vulnerability has impacted Office 2013 and newer versions. Microsoft has not issued a fix yet.

The Follina vulnerability was first found by Nao_sec, a Tokyo-based cybersecurity research organisation. It disclosed the Follina vulnerability in a post on Twitter last week. According to the cybersecurity firm, the issue allows the attackers to use Microsoft Word to execute a malicious code on the victim’s computer.

A security researcher named Kevin Beaumont says that the document uses the Word remote template feature to retrieve an HTML file from a remote server, which in turn uses a Microsoft protocol to load some code and execute PowerShell. He said that a file exploiting a loophole targeted a user in Russia about a month ago.

Microsoft Office 2013 and later versions, including Office 2021 have been found vulnerable to the attacks. Some versions included with a Microsoft 365 license couuld also be vulnerable on both Windows 10 and Windows 11 systems.

Microsoft has been informed about the vulnerability, but the tech giant is yet to launch a fix for this issue. It is also being said that Microsoft did not consider this a security issue initially. While it has acknowledged the vulnerability, Microsoft is yet to release a fix for this.

Tech Desk

June 02, 2022