Malicious Actors Use 'Follina' Zero Day Flaw in Microsoft Office for Remote Code Execution
Latest EnemyBot variants now target CMS and Android, Interpol busts three Nigerian men for targeting oil and gas companies, University credentials advertised on cybercrime forums, much more
A new Microsoft Office zero-day vulnerability referred to by the infosec community as Follina and now assigned the identifier CVE-2022-30190 is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.
This new zero-day opens a critical attack vector through Microsoft Office programs. It works without elevated privileges, evades Windows Defender detection, and does not need macros to be enabled in order to execute binaries or scripts. Security researcher Kevin Beaumont deobfuscated the code and said it is a command-line string that Microsoft Word hands to MSDT for execution, even when macro scripts are disabled.
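Because the document triggers MSDT without macros, macro-focused checks miss it; a useful triage step is to look for relationships in the .docx package that point at external (remote) OLE objects, which is how the Follina samples pulled in their payload. The script below is an added example, not code from the article or from the researchers it cites; the sample relationship XML is constructed and the URL in it is a placeholder.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML relationship type for embedded/linked OLE objects and the package
# relationships namespace used by every *.rels part inside a .docx.
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
REMOTE_SCHEMES = ("http:", "https:")


def find_external_relationships(docx_bytes: bytes) -> list[dict]:
    """List every relationship whose target is fetched from outside the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                findings.append({
                    "part": name,
                    "id": rel.get("Id"),
                    "target": rel.get("Target", ""),
                    "ole": rel.get("Type") == OLE_REL_TYPE,
                })
    return findings


def is_suspicious(docx_bytes: bytes) -> bool:
    """Flag a document that links an OLE object to a remote URL (Follina-style)."""
    return any(f["ole"] and f["target"].lower().startswith(REMOTE_SCHEMES)
               for f in find_external_relationships(docx_bytes))


def build_sample_docx(rels_xml: str) -> bytes:
    """Constructed minimal .docx (a zip) carrying only the relationship part we inspect."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")  # placeholder body
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed sample: one oleObject relationship pointing at a remote HTML page.
SAMPLE_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" '
    'Target="http://example.invalid/placeholder.html!" TargetMode="External"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    '</Relationships>'
)
```

Run `is_suspicious(open(path, "rb").read())` over a mail gateway's Office attachments to get a cheap first-pass signal; an embedded OLE object with a local `embeddings/` target is normal and is not flagged.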
Multiple security researchers have analyzed a malicious document shared by a security researcher who goes by @nao_sec on Twitter and success…