9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
A team of researchers has discovered a serious vulnerability in Microsoft office. This vulnerability allows multiple malicious commands to be executed through a document word. Microsoft confirmed the
A team of researchers has discovered a serious vulnerability in Microsoft office. This vulnerability allows multiple malicious commands to be executed through a document word. Microsoft confirmed the issue on Tuesday (30).
The procedure is simple and deactivation can be performed at any time.
The company has not yet assigned a tracking number to this vulnerability, and it is currently known to the community as “Follina”. It uses malicious Word documents to execute PowerShell commands that affect the Microsoft Diagnostic Tool (MSDT). In addition, it is characterized by the fact that it does not require elevated privileges for use, as well as the ease of bypassing detection by Windows Defender.
At the moment, researchers have discovered a vulnerability in Office 2013, 2016, 2021 and Professional Plus versions. Everything can work with the latest updates, and the crash shows up even on Windows 11.
Security researcher Kevin Beaumont was able to unlock the code and explained how it works. According to him, there is a command line to run Microsoft Word with MSDT even if macro scripts are disabled. So it will extract the Base64 encoded file from the RAR file and run.
Researchers at cybersecurity company Huntress analyzed the file and indicated that an attacker could use this exploit to access remote locations on the victim’s network. This will allow the hacker to collect a series of passwords stored on victims’ computers.
Security researchers say the vulnerability may have been discovered and brought to Microsoft’s attention as early as April.
Based on screenshots posted by a member of the Shadow Chaser Group, an association of college students dedicated to finding and analyzing cyberthreats, Microsoft was aware of the vulnerability but dismissed it as “non-security issue“.
Microsoft’s argument for this was that while “msdt.exe” did run, it required a password when it ran, and the company was unable to reproduce the exploit.
However, on April 12, Microsoft closed the vulnerability report (tracked as VULN-065524) and classified it as “This issue has been fixed”, which impacted the security of remote code execution.
…..
Thinking about buying goods online? Discover the Save the Connected World extension for Google Chrome. It’s free and offers you price comparisons at major stores and coupons so you can always buy at the best price. Download now.
Via: Bleeping Computer
Source: Mundo Conectado
I’m Maurice Knox, a professional news writer with a focus on science. I work for Div Bracket. My articles cover everything from the latest scientific breakthroughs to advances in technology and medicine. I have a passion for understanding the world around us and helping people stay informed about important developments in science and beyond.
