Hackers often set their sights on what has the most users. For example services or programs that are most used. At the end of the day in this way they can have a greater probability of success. In this article we report on an important new vulnerability that affects Microsoft Office . This can lead to personal data being compromised. Hence, we must take measures to avoid it.
New Zero Day bug in Office
Specifically, it is a Day Zero bug that affects Office. It is being used by hackers to launch malicious commands in PowerShell using Microsoft’s diagnostic tool, which is known as MSDT. This bug has been named Follina, although it does not yet have a tracking code.
In the event that an attacker executes this vulnerability , it could open the door to a new critical attack vector that will exploit Microsoft Office. It does not need administrator permissions and Windows antivirus does not detect it as a threat. It does not need macros to be enabled to run.
How can we be victims of this attack? We would simply have to open a Word document and it could automatically execute malicious PowerShell commands via MSDT . According to security researchers, they discovered this vulnerability by chance while analyzing another bug on VirusTotal.
They indicated that it uses an external link from Word to load HTML and from there use the ms-msdt scheme to be able to execute the PowerShell code. What the PowerShell script will do is extract a Base64 encoded file from a RAR archive and then run it. However, they indicate that it is not clear what malicious activity has carried out this type of attack.
How to avoid this attack
So what can we do to avoid being victims of this type of attack? We have seen that it is a threat that affects Office files and that it will require us to open a document. Therefore, common sense in this case is going to be essential in order not to fall into the trap and not open a file that could be malicious.
Our main advice is to avoid making mistakes . Never open files that come to us by e-mail without really knowing what the source is, since it could be a trap. It is essential to always know how to filter everything that comes to us and only pay attention to what we know to be reliable.
Likewise, another important point is to always have a good antivirus installed. This will help you prevent the entry of threats in the form of Word files or any other document. There are many options, both free and paid. For example, Windows Defender itself can come in handy. It is essential to protect your computer from malware.
But something essential and that on many occasions we overlook is to have everything updated correctly. In this case, it is a Day Zero vulnerability that affects Office. There are many security flaws that affect this type of program, in addition to the operating system. Therefore, we must always have the latest versions and correct them.
