IT House reported on June 4 that a researcher discovered a 0-day security vulnerability in Microsoft Office – Follina, the vulnerability CVE number is CVE-2022-30190.
Microsoft has confirmed that the vulnerability exists in the Microsoft Support Diagnostic Tool on Windows, which is triggered when MSDT is invoked from a URL protocol using applications such as Word.
It’s worth noting that this obfuscated code can be run without opening the document, such as through IE’s preview window.
An attacker can exploit this vulnerability to run arbitrary code with the permissions of the calling application, then install the application, view, modify and delete data, and even create new accounts.
IT Home has learned that this vulnerability does not appear to be limited to the Windows version, and may be exposed as long as the Microsoft Support Diagnostic Tool is installed on the system.
Microsoft says users can avoid exploitation of this vulnerability simply by disabling the MSDT URL protocol, and you can still access the troubleshooter using the Get Help app and other or other troubleshooters in System Settings. In addition, Microsoft also reminds users to update the anti-software Microsoft Defender to the latest version (1.367.719.0) to detect any possible exploits.
Methods to disable MSDT URL protocol:
-
Open a command prompt CMD as an administrator.
-
Back up the registry keys and execute the command reg export HKEY_CLASSES_ROOTms-msdt filename
-
Execute the command reg delete HKEY_CLASSES_ROOTms-msdt /f
Cancellation:
Security researcher nao_sec accidentally discovered a malicious Word document submitted to Virus Total by an IP address located in Belarus last month that abused Microsoft’s MSDT (ms-msdt) technology. He uses external links to load HTML, and then uses the ms-msdt scheme to execute PowerShell code.
Kevin Beaumont discovered that this is a command line string that Microsoft Word executes using MSDT, even when macro scripting is disabled. Versions known to be affected by this vulnerability include Office 2013, 2016, Office Pro Plus, and Office 2021.
In fact, researchers reported the vulnerability to Microsoft back in April, but Microsoft said it was not a security-related issue and closed the vulnerability report, claiming there were no remote code execution security implications, but not until May It was only on the 30th that Microsoft assigned a CVE number to the vulnerability, although no patch for the vulnerability has been released so far.
.
[related_posts_by_tax taxonomies=”post_tag”]
The post Microsoft Office is exposed to a 0-day vulnerability, Windows supports diagnostic tools to take the blame appeared first on Gamingsym.