Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled

30 May 2022

Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of the Microsoft Support Diagnostic Tool (MSDT) to run some code.

Read full article on The Register

Date:

30 May 2022

Categorie(s):

NEWS

Tag(s):

Malware, New, Researchers, Zero Day Vulnerability, Zero Days

AI Helps Improve About Managed Detection and Response26 April 2024
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024
Kaiser Permanente handed over 13.4M people’s data to Microsoft, Google, others26 April 2024