Users of the Office suite, beware! Microsoft has just indicated that a security flaw can allow hackers to infect your PC. The editor also provides ways to correct the problem yourself.
Security patches follow one another regularly in Windows. But Microsoft’s operating system isn’t the only victim of hacker attacks. Its Office suite is also a prime target. Proof of this is that the publisher has just revealed the existence of a security flaw whose severity is rated 7.8/10. It concerns the versions of Office 2013, 2016, 2019 and 2021 as well as the Professional Plus editions. Called Follina, this flaw is exploited by hackers using a contaminated Word document. It first raged in Russia posing as an interview request from Sputnik Radio, but is now spreading to other countries. This corrupted document relies on ” a remote code execution vulnerability that initiates when the Microsoft Windows Support Diagnostic Tool (MSDT) is invoked using the URL protocol from a calling application such as Word “says Microsoft to the US website TheHackerNews. And also to state: An attacker who successfully exploited this vulnerability can execute arbitrary code with the privileges of the calling application. The attacker can then install programs, view, modify or delete data, or create new accounts in the context authorized by the user’s rights “. Not very reassuring and for all that, Microsoft does not publish any security update concerning this flaw. The editor is content to indicate the procedure to follow so that users themselves protect themselves by deleting a security key. Windows registry.
How to Fix Microsoft Office Suite Security Vulnerability?
Do you have a version of Office 2013, 2016, 2019, 2021 or Professional Plus? To fill the office suite’s security hole and prevent intrusions on your PC, you will have to manipulate the Windows registry editor.
► First, make a backup of the offending registry key. You can then put it back in place when Microsoft has updated Office to correct this flaw. To do this, in the Windows search field, type Prompt and then click Command Prompt > Run as administrator from the results that appear.
► In the window that opens, enter the following command and validate.
reg export HKEY_CLASSES_ROOTms-msdt faille (" faille " étant le nom que nous avons donné nous-même au fichier).
► All that remains is to delete the registry key. To do this, enter the following command and validate.
reg delete HKEY_CLASSES_ROOTms-msdt /f
► When you want to reintegrate the registry key, you must enter the following command:
reg import faille
