A new Microsoft Office zero-day security vulnerability allows adversaries to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a Word document. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.  Security researcher Kevin Beaumont named the vulnerability “Follina” (the zero day code references the Italy-based area code of Follina – 0438) after discovering a malicious Word document that was uploaded to Google-owned VirusTotal on May 25 from an IP address in Belarus.  According to cybersecurity firm Huntress, users should be vigilant about opening any attachments and should be made aware that this exploit can be triggered with “a hover-preview of a downloaded file that does not require any clicks (post download).” Bugcrowd Chief Technology Officer (CTO) Casey Ellis says the vulnerability appears trivially exploitable and very powerful/flexible in the security context of the logged-in user, given its ability to bypass Windows Defender.

Read full article on Security Magazine