New software vulnerability targets Microsoft programs

Over the weekend A zero day vulnerability was discovered in a Windows tool that hackers have been exploiting via poisoned Word documents.

An independent cybersecurity research team known as nao_sec announced in a series of tweets that they had found the vulnerability in a malicious Word document uploaded to Virus Total, a website for analyzing suspicious software, from an IP address in Belarus.

Another researcher, Kevin Beaumont, who dubbed the vulnerability “Folina,” explained that the malicious document uses the remote template feature in Word to retrieve an HTML file from a remote web server. The file then uses Microsoft’s ms-msdt MSProtocol URI scheme to load more code on a target system, as well as to execute some Powershell commands.

To make matters worse, it is not necessary to open the malicious document to execute its payload. It will run if the document is displayed in the preview tab of Windows Explorer.

Microsoft lists 41 different versions of products affected by Folina, from Windows 7 to Windows 11 and from Server 2008 to Server 2022. Office, Office 2016, Office 2021, and Office 2022 are known and have been shown to be affected, regardless of the version of Windows whatever. Running on.

Log4Shell Comparison Folina appears to be trivially exploitable and very powerful, given its ability to bypass Windows Defender,” Casey Ellis, CTO and founder of Bugcrowd, which operates a crowdsourcing bug bounty platform, told TechNewsWorld.

Folina’s virulence, however, was downplayed by Roger Grimes, a data-driven defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Florida. downloaded or clicked on,” he told TechNewsWorld.

This is not that he continued. Microsoft will have a patch created in a few days or less and if users have not disabled the default auto-patch in Microsoft Office, or are using Office 365, the patch will be automatically applied quickly. This exploit is something to worry about, but it’s not going to take over the world.

Dirk Schrader, global vice president of New Net Technologies, now part of Netwrix, an IT security and compliance software provider, in Naples, Florida, compared Folina to the Log4Shell vulnerability discovered in December 2021 and continuing to affect thousands of users. companies today.

About admin

Kepala Bergetar | Tonton Terkini Melayu Drama Episod Online dan Malay Telefilem, Download Free Malay Drama Dfm2u Video, Filem Malaysia.

Leave a Reply

Your email address will not be published.