Microsoft Releases Workarounds for Actively Exploited Office Vulnerability
Microsoft Corporation is an American multinational technology corporation that produces computer software, consumer electronics, personal computers, and related services.
On Monday, Microsoft released guidance for a newly discovered zero-day vulnerability in its Office productivity suite that could be exploited to execute code on affected systems. The vulnerability, now tracked as CVE-2022-30190, has a severity rating of 7.8 out of 10 on the CVSS vulnerability scoring system. The affected versions of Microsoft Office are Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions.
The Follina vulnerability, which was discovered late last week, involved a real-world exploit in which a weaponized Word document used the “ms-msdt:” URI scheme to execute arbitrary PowerShell code. The sample was uploaded to VirusTotal from Belarus.
However, the issue was first exploited on April 12, 2022, when a second sample was added to the malware database. This artifact is thought to have targeted Russian users with a malicious Word document (pилаение на интерв.doc) posing as an invitation to an interview with Sputnik Radio.
According to screenshots shared on Twitter by the researcher, Microsoft closed the vulnerability submission report on April 21, 2022, stating that “the issue has been fixed,” while also dismissing the flaw as “not a security issue” because it requires a passkey provided by a support technician when starting the diagnostic tool.
In addition to releasing detection rules for Microsoft Defender for Endpoint, the Redmond-based firm has provided workarounds in its documentation for disabling the MSDT URL protocol via a Windows Registry change.
This isn’t the first time that Microsoft Office protocol schemes like “ms-msdt:” have come under scrutiny for possible abuse. In January, SySS, a German cybersecurity firm, revealed how to open files directly using carefully crafted URLs like “ms-excel:ofv|u|https://192.168.1.10/poc[.]xls.”
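For defenders, the protocol-handler URIs discussed above can be hunted for in document parts, fetched HTML, mail bodies or proxy logs. The following Python sketch is an added example, not code from Microsoft, SySS or the original article; the function names, the watch list and the sample lines are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Handler schemes named on this page; extend the tuple for your own environment.
WATCHED_SCHEMES = ("ms-msdt", "ms-excel")

# Scheme, ':' and the rest of the token; quotes, angle brackets and whitespace end it.
URI_RE = re.compile(
    r"(?<![\w-])(" + "|".join(map(re.escape, WATCHED_SCHEMES)) + r"):([^\s\"'<>]*)",
    re.IGNORECASE,
)

def refang(value):
    """Undo common defanging ([.] and hxxp) so the target can be compared or blocked."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def scan_text(text, source="<text>"):
    """Return one finding per watched protocol-handler URI found in text."""
    findings = []
    for m in URI_RE.finditer(text):
        scheme, rest = m.group(1).lower(), m.group(2)
        finding = {"source": source, "scheme": scheme, "raw": m.group(0)}
        # Office URI form, as in the page's ms-excel example: command|descriptor|argument
        parts = rest.split("|", 2)
        if len(parts) == 3:
            finding["command"], finding["descriptor"] = parts[0], parts[1]
            finding["target"] = refang(parts[2])
        findings.append(finding)
    return findings

def scan_ooxml(data, name="<document>"):
    """Scan every part of an OOXML (.docx/.xlsx) container, which is a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            text = zf.read(member).decode("utf-8", errors="replace")
            findings += scan_text(text, f"{name}!{member}")
    return findings

# Constructed samples (not taken from any real document or log).
SAMPLE_LINES = (
    'GET /index.html body="ms-excel:ofv|u|https://192.168.1.10/poc[.]xls"\n'
    "<a href='MS-MSDT:ARGUMENTS-ELIDED'>support</a>\n"
    "see https://example.com/forms-msdt:notes for the forms\n"
)

if __name__ == "__main__":
    print(*scan_text(SAMPLE_LINES, "sample"), sep="\n")
```

The third sample line contains the substring "ms-msdt" inside "forms-msdt" and is deliberately not reported, since the pattern requires the scheme to start a token.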