Hackers have found a new way to take over your computer using Microsoft Office — here’s what you can do to stay safe
MicrosoftConfirms ‘ Follina’ vulnerability in Microsoft Office
- Researchers suggest that the Follina
zero-day vulnerabilityhas also impacted Office 2013 version.
- Instead of a security patch, Microsoft has released guidance to cope with Follina - read below.
AdvertisementThe independent research group named nao_sec has identified a new zero-day vulnerability in Microsoft Office that allows hackers to execute a code using an infected Word document. The security issue is known as Follina which hits the user system when they open malicious Word files.
The Tokyo based cybersecurity research organization revealed the Follina vulnerability on their Twitter handle. According to the tweet, the security lapse is allowing Microsoft Word file to execute code - Follina even if Macros is disabled as it is used to give commands for automated tasks. Meanwhile, hackers are using vulnerability for similar automation with Macros.
Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-… https://t.co/YGtzXnBPjb— nao_sec (@nao_sec) 1653662332000
On Monday, Microsoft Security Response Center responded on Office vulnerabilities and said, if a hacker exploits this vulnerability, they can install programs or applications and exploit, view or delete data. Further, they can also create new accounts using ‘user rights’ and personal information.
Earlier, Microsoft Office versions 2013 and 2021 have been found vulnerable to attacks. In some cases even licensed versions of Microsoft 365 were also affected on Windows 10 and 11.
Researcher and former Senior Threat Intelligence Analyst at Microsoft,
No security update or patch is available for Follina
According to Microsoft, currently, no patch is available. Instead, the company’s security response centre team has released a set of guidelines to cope with Follina.
Company says, the best way to cope with this vulnerability is to disable the Microsoft Support Diagnostics Tool (MSDT) URL protocol.
Follow the given steps to disable MSDT-
- Switch to Administrator and run Command Prompt.
- Execute command ‘reg export HKEY_CLASSES_ROOT\ms-msdt filename’ to back up the registry key.
Apple’s new patent may use ultrasonic haptic technology to make virtual reality more realistic
Amazon employees storm a company Pride Month celebration, protesting the sale of transphobic content
Popular on BI
- 'Quiet quitting' is a bad idea, experts say. Here are 6 things you can do instead to get the same results if you're looking for better work-life balance – or to lighten your workload
- This pioneering regional OTT has turned profitable in 5 years – here’s how
- A man's cancer vanished after he was injected with a weakened herpes virus in a promising clinical trial
- Threats to Mukesh Ambani's family: one held from Bihar
- UK Home Secretary Suella Braverman objects to increasing visas for Indians
- Upcoming electric cars in India in 2022 - check the expected price and range here
- More than half of Bitcoin volume on crypto exchanges fake: Report
- 12,000 Facebook employees, 15% of its workforce, may lose jobs amid 'quiet layoffs': Report