Etek

Critical vulnerability in Windows is exploited via Office documents

Microsoft has issued CVE-2022-30190 for a vulnerability in the Microsoft Support Diagnostic Tool (MSDT).

A Microsoft Office vulnerability dubbed "Follina" has recently been disclosed in attacks targeting government entities in Europe and the US.

The Follina vulnerability is characterized mainly by how easily a cybercriminal can exploit it: Office documents can be used to execute malware on a victim’s computer without any malicious code being placed in the document’s macros.

At the end of May this year, researchers from the Nao Sec team reported a new zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) that can be exploited with Microsoft Office documents. It is identified as CVE-2022-30190.

An attacker who successfully exploits this vulnerability can execute arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change or delete data, or create new accounts in the context allowed by the user’s rights.

The document uses Word’s remote template function to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProtocol URI scheme to load code and run PowerShell.

Protected View does engage for the Word document. However, if the document is changed to RTF format, the code runs without the document even being opened (via the preview tab in Explorer), so Protected View never comes into play.
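A defender-side check for the remote-template loading described above, as an added example (not code from the original post or from Microsoft): it lists relationships inside a .docx that point at external URLs so the file can be triaged before anyone opens it. It covers OOXML documents only, not the RTF variant; the function names, the size cap and the sample documents are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # assumed size cap; real .rels parts are a few KB

def external_relationships(doc_bytes):
    """Return (part, type, target) for each TargetMode="External" relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            try:
                if info.file_size > MAX_PART:
                    raise ValueError("oversized part")
                data = zf.read(info)
                if b"<!DOCTYPE" in data:  # OOXML parts carry no DTD
                    raise ValueError("unexpected DTD")
                rels = list(ET.fromstring(data).iter(f"{{{NS}}}Relationship"))
            except (ValueError, ET.ParseError):
                found.append((info.filename, "unparsed", ""))  # surface, do not skip
                continue
            for rel in rels:
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((info.filename, kind, rel.get("Target", "")))
    return found

def needs_review(doc_bytes):
    """External hyperlinks are routine; unparsed parts and other remote loads are not."""
    return [f for f in external_relationships(doc_bytes) if f[1] == "unparsed"
            or (f[1] != "hyperlink" and f[2].lower().startswith(("http://", "https://")))]

def sample(part, kind, target, prefix=""):
    """Constructed test input: an in-memory OOXML-style zip with one .rels part."""
    xml = (f'{prefix}<Relationships xmlns="{NS}"><Relationship Id="rId1" '
           f'Type="{OFFICE}{kind}" Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(part, xml)
    return buf.getvalue()

# Constructed samples; example.invalid is a placeholder host.
BENIGN = sample("word/_rels/document.xml.rels", "hyperlink", "https://example.invalid/")
REMOTE = sample("word/_rels/settings.xml.rels", "attachedTemplate", "https://example.invalid/t.html")
print(needs_review(BENIGN), needs_review(REMOTE))
```

A hit from `needs_review` is a reason to inspect the document in a sandbox, not proof of malice, since legitimate documents can also reference remote templates.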

 

The issue affects several versions of Microsoft Office, including Office, Office 2016 and Office 2021.
