Security issues respect neither time nor platform. They are discovered indiscriminately and always take the affected users by surprise.
The latest victim appears to be Office Word, where a simple vulnerability can leave Windows exposed. The situation is serious and users must protect themselves.
Discovered by independent security researchers, this Microsoft Office flaw is the latest high-profile issue. If exploited, it allows remote execution of malicious code simply by opening a document in Word.
Initially named “Follina”, this flaw is exploited through the well-known Microsoft Diagnostic Tool (MSDT). In this case, attackers use it to execute malicious PowerShell commands, without needing elevated privileges and without being detected by Windows Defender.
Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3
— nao_sec (@nao_sec) May 27, 2022
More curious still, the attack does not depend on macros or other elements normally used in attacks on these platforms. It only requires opening a Word document, after which external links are used for remote code execution.
It was further revealed that PowerShell commands can run even without opening the document. It is enough for the attacker to change the file format to Rich Text Format (RTF), which also keeps Word's security features from detecting the attack.
Although Microsoft has acknowledged it, this security flaw still has no fix. The recommendation is to disable the MSDT URL protocol and enable Microsoft Defender Antivirus cloud protection to mitigate the risks of this attack.
This is yet another situation for Microsoft to resolve as soon as possible, in order to keep users protected. Its attack vector is very simple, and so its risk is even higher.