Microsoft Office: how to protect yourself from this huge security flaw used to hack you


Microsoft alerts us to an actively exploited security flaw affecting the Office suite. The company also presents the solution to be put in place to deactivate the functionality in question quickly.

If you use Microsoft Office 2021, 2019, 2016, 2013 or Professional Plus, you are affected by this security vulnerability, which is rated high severity: 7.8 out of 10. According to Microsoft, the vulnerability, called Follina, has been actively exploited by hackers since April.

Specifically, the attack relies on a booby-trapped Word document that claims to be issued by the Sputnik news agency. The first hacking attempts targeted Russian citizens, with a document called “приглашение на интервью”, which can be translated as “request for an interview”.

If you are unfortunate enough to open this type of file, a series of arbitrary commands is then launched in the command prompt to infect your machine with malware. Microsoft explains the consequences of such a hack:

A remote code execution vulnerability exists when MSDT is invoked via the URL protocol from a source application such as Word. A hacker who successfully exploits this flaw can execute arbitrary code with the same access privileges enjoyed by the application. The hacker can then install programs, view, change or delete data, or create new accounts in the context authorized by the user’s rights on the machine.

How to effectively protect yourself from this flaw in Microsoft Office

Although Microsoft has not deployed any patch, the Redmond giant says it has addressed the problem by updating the detection signatures of Microsoft Defender and by providing a procedure to block the MSDT protocol on which this exploit relies.

In order to avoid the slightest risk, here are the steps to follow to protect yourself effectively:

  • Using the search bar, launch “Command Prompt” or “Windows PowerShell” (with administrator rights).
  • Then type: reg delete HKEY_CLASSES_ROOT\ms-msdt /f
  • Press the Enter key.
  • Before making this change, it is strongly advised to back up the registry key. To do this, repeat the first step described above, then type “reg export HKEY_CLASSES_ROOT\ms-msdt” followed by the desired file name. If you want to go back, all you have to do is type “reg import” followed by the file name of your backup.
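
The steps above, combined into one PowerShell script that makes the backup first and only deletes the key once the backup file exists. This is an added example, not taken from Microsoft or from the original article; the backup folder and file name are assumptions you can change.

```powershell
# Added example: back up, then remove, the ms-msdt URL protocol handler.
# Run from an elevated PowerShell window.
$Key       = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir = Join-Path $env:USERPROFILE 'Documents'   # assumed backup location
$Backup    = Join-Path $BackupDir ('ms-msdt-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# Deleting a key under HKEY_CLASSES_ROOT needs administrator rights; stop early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell session.'
}

# If the key is already gone, the handler is disabled and there is nothing to back up.
if (-not (Test-Path "Registry::$Key")) {
    Write-Host "$Key is not present; the MSDT protocol handler is already disabled."
    return
}

# Step 1: export the key (reg export <key> <file>); /y overwrites an existing file.
reg export $Key $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Backup) -or (Get-Item $Backup).Length -eq 0) {
    throw "Backup failed; $Key was left untouched."
}

# Step 2: delete the key (reg delete <key> /f), then confirm it is really gone.
reg delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0 -or (Test-Path "Registry::$Key")) {
    throw "Could not delete $Key; the MSDT protocol handler is still registered."
}

Write-Host "Removed $Key."
Write-Host "Backup saved to $Backup"
Write-Host "To restore later, run: reg import `"$Backup`""
```

Keep the .reg file somewhere you will find it again, since it is the only way to restore the handler with “reg import”.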

If Microsoft has already advised you to uninstall a Windows 11 update that caused unexpected crashes, we can only advise you to update your computer’s operating system to take advantage of the latest security measures and thus prevent the exploitation of certain vulnerabilities by cybercriminals.

Source: The Hacker News

1n-tech