
Holiday weekend leaves researchers in a frenzy due to undiscovered vulnerability in Microsoft Office

Potential breach could provide attacker with capabilities to install software, erase data, or create new user accounts.


In a recent development, a new security vulnerability known as the Follina vulnerability has been discovered, causing concern among Microsoft users worldwide. This vulnerability, first disclosed by researcher Manuel Barbosa on May 27, 2022, allows a remote, unauthenticated user to gain control over a system by exploiting downloaded Microsoft Office documents.

The Follina vulnerability, dubbed as such by researcher Kevin Beaumont, is particularly dangerous as it is exploitable on all versions of Office 365 when using an .RTF file. Microsoft has confirmed active exploitation of this vulnerability in the wild, with a document submitted from Belarus being connected to the Follina vulnerability.

As of now, there is no known patch for the Follina vulnerability. However, Microsoft issued guidance on the matter late Monday and suggested several workarounds to help mitigate the risk. One such workaround is disabling the MSDT URL protocol, which prevents troubleshooters from being launched as links.

Microsoft also advises customers with Microsoft Defender Antivirus to turn on cloud-delivered protection and automatic-sample submission. The company claims that Microsoft Defender Antivirus uses artificial intelligence and machine learning to identify and stop new and unknown threats.

In addition to technical measures, educating users on how to spot phishing and social engineering campaigns is a crucial defense against the Follina vulnerability. Users should be vigilant and cautious when opening emails and documents from unknown sources.

The Cybersecurity and Infrastructure Security Agency has urged administrators and users to review Microsoft's guidance on the Follina vulnerability. It is essential to stay informed and take necessary precautions to protect your system from potential threats.

Defenders should also watch for rogue child processes created under Microsoft Office products, including msdt.exe and sdiagnhost.exe. These processes could indicate an attempt to exploit the Follina vulnerability.
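One way to implement the check described above, as an added example that is not from Microsoft or from this article: it walks process-creation events and flags msdt.exe or sdiagnhost.exe when an Office process appears anywhere in its ancestry. The event field names, the list of Office image names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Office image names; the article only says "Microsoft Office products".
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Process names the article says to look out for.
WATCHED = {"msdt.exe", "sdiagnhost.exe"}

# Constructed sample process-creation events (not real telemetry).
# Assumption: fields pid/ppid/image; map them from your EDR or Sysmon export.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msdt.exe"},
    # Troubleshooter started from the shell, no Office ancestor: not flagged.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\msdt.exe"},
    {"pid": 500, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    # Indirect descendant of Office through cmd.exe: flagged.
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\sdiagnhost.exe"},
    # Parent missing from the log: ancestry unknown, not flagged.
    {"pid": 700, "ppid": 999, "image": r"C:\Windows\System32\sdiagnhost.exe"},
]

def image_name(event):
    return ntpath.basename(event["image"]).lower()

def office_ancestor(event, by_pid):
    """Return the nearest Office ancestor of event, or None."""
    seen = {event["pid"]}  # guards against loops caused by PID reuse
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        if image_name(parent) in OFFICE_IMAGES:
            return parent
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return None

def find_suspicious(events):
    """List (pid, child image, Office ancestor image) for flagged processes."""
    by_pid = {e["pid"]: e for e in events}  # assumes PIDs are unique in the window
    alerts = []
    for e in events:
        if image_name(e) in WATCHED:
            ancestor = office_ancestor(e, by_pid)
            if ancestor is not None:
                alerts.append((e["pid"], image_name(e), image_name(ancestor)))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(alert)
```

On real telemetry, key the lookup on a per-process unique identifier rather than the bare PID if your log source provides one, since PIDs are reused over time.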

Microsoft published a security update under CVE-2022-30190 regarding the Follina vulnerability. While a patch is not yet available, this update provides valuable information about the vulnerability and Microsoft's efforts to address it.

In conclusion, the Follina vulnerability poses a significant threat to Microsoft systems. Users and administrators are advised to follow Microsoft's guidance and stay vigilant to protect their systems from potential attacks.
