Microsoft Office zero day leaves researchers scrambling over the holiday weekend – Cybersecurity Dive

The company warns a successful attack could allow an attacker to install programs, delete data or create new accounts.
UPDATE: May 31, 2022: The Cybersecurity and Infrastructure Security Agency urged administrators and users to review Microsoft’s guidance on a workaround to the Follina vulnerability, which affects the Microsoft Support Diagnostic Tool in Windows.
The vulnerability allows a remote, unauthenticated user to take control over a system by exploiting downloaded Microsoft Office documents, according to researchers. Researchers say a patch has not been issued.
Microsoft has reported active exploitation of this vulnerability in the wild, CISA said.
Researcher @nao_sec uncovered the vulnerability on May 27 while looking on VirusTotal for prior attacks involving CVE-2021-40444, according to Hammond. The previous vulnerability allowed arbitrary code execution using Office or RTF files. 
The new vulnerability was connected to a document submitted from Belarus, which used the external link in Word to load HTML and then executed PowerShell code using “ms-msdt,” according to a May 27 post on Twitter.
According to Beaumont, the vulnerability appears to be exploitable on all versions of Office 365 files when using an .RTF file. 
Though a new zero day, defense comes down to security basics. Organizations can help prevent an attack like this by educating users on how to spot phishing and social engineering campaigns. 
“Educating users to identify and delete malicious emails remains your best line of defense until a patch is available to deploy to your endpoints,” Hammond said via email. 
In the interim, organizations should look out for rogue child processes created under Microsoft Office products, including msdt.exe and sdiagnhost.exe. 
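
The check described above can be sketched as follows. This is an added example, not code from the article or from Microsoft: it flags msdt.exe or sdiagnhost.exe when an Office process appears anywhere in the process ancestry, not only as the direct parent. The event field names, the list of Office binaries and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed watch list of Office binaries (this example's choice). The two child
# names are the ones the article tells defenders to look for.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WATCHED_CHILDREN = {"msdt.exe", "sdiagnhost.exe"}

def image_name(path):
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(path).lower()

def find_office_descendants(events):
    """Return (pid, office_ancestor_image) for each watched process that has
    an Office process somewhere above it in the process tree."""
    # Keyed on PID for brevity; production telemetry should key on a
    # per-process GUID because PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) not in WATCHED_CHILDREN:
            continue
        seen = set()  # guards against parent-PID loops in bad data
        ppid = e["ppid"]
        while ppid in by_pid and ppid not in seen:
            seen.add(ppid)
            parent = by_pid[ppid]
            if image_name(parent["image"]) in OFFICE_PARENTS:
                hits.append((e["pid"], parent["image"]))
                break
            ppid = parent["ppid"]
    return hits

# Constructed process-creation events (hypothetical field names).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": WORD},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msdt.exe"},
    # Troubleshooter started from the desktop shell: not flagged.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\msdt.exe"},
    # Watched binary one level removed from Office: still flagged.
    {"pid": 500, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\sdiagnhost.exe"},
]

if __name__ == "__main__":
    for pid, ancestor in find_office_descendants(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} has Office ancestor {ancestor}")
```
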
Microsoft suggested disabling MSDT URL protocol as a workaround, which prevents troubleshooters from launching as links. 
Customers with Microsoft Defender Antivirus should turn on cloud-delivered protection and automatic sample submission, Microsoft said. These capabilities use artificial intelligence and machine learning to identify and stop new and unknown threats, according to the company.