Beware: Microsoft Office reveals a serious security vulnerability

Microsoft Office is affected by a critical vulnerability known as Follina that allows remote execution of malicious code on Windows systems.

The high-risk vulnerability, tracked as CVE-2022-30190, is used in attacks to execute malicious PowerShell commands via Microsoft's diagnostic tool (MSDT) when specially prepared Office documents are opened or previewed, according to Al-Ain News.

Current analysis indicates that Follina affects Office 2013, 2016, 2019, 2021, Office Pro Plus, and Office 365, according to the aitnews portal.

The flaw could circumvent Microsoft’s Protected View feature, an Office tool that warns of potentially harmful files and documents.

Researchers warned that converting the document to an RTF file could allow attackers to bypass this warning, and the vulnerability could be exploited without any clicks by hovering over a downloaded file to preview it. to user rights.

Cybersecurity researchers have noticed that hackers have been exploiting the vulnerability to target Russian and Belarusian users since April, and Microsoft received reports about Follina on April 12, after Word documents were found exploiting the flaw.

However, the researcher who reported the bug said that Microsoft initially classified it as not a security issue. The software giant later told the researcher that the problem had been fixed, but a patch doesn't seem to be available.

Microsoft has released guidelines to prevent attacks that exploit CVE-2022-30190 by disabling the MSDT URL protocol, along with the preview panel in Windows Explorer.
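
The MSDT URL protocol part of that guidance, as an added example that is not part of the original article: the script backs up and then removes the `ms-msdt` handler key named in Microsoft's published workaround for CVE-2022-30190. The backup location and the function names are assumptions, and the preview pane setting is not covered.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Key of the ms-msdt: protocol handler, as named in Microsoft's CVE-2022-30190 workaround.
$MsdtKey    = 'HKEY_CLASSES_ROOT\ms-msdt'
# Assumed backup location; change it to suit your environment.
$BackupFile = Join-Path $env:ProgramData 'msdt-backup\ms-msdt.reg'

function Test-MsdtProtocol {
    # True while the ms-msdt: URL handler is still registered.
    Test-Path -LiteralPath "Registry::$MsdtKey"
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocol)) {
        Write-Output 'ms-msdt handler is not registered; nothing to do.'
        return
    }
    # Export first so the handler can be restored once a patch is installed.
    New-Item -ItemType Directory -Path (Split-Path $BackupFile) -Force | Out-Null
    & reg.exe export $MsdtKey $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
        throw "Backup of $MsdtKey failed; the handler was left in place."
    }
    & reg.exe delete $MsdtKey /f | Out-Null
    if ($LASTEXITCODE -ne 0 -or (Test-MsdtProtocol)) {
        throw "Could not remove $MsdtKey (is the session elevated?)."
    }
    Write-Output "ms-msdt handler removed; backup saved to $BackupFile"
}

function Restore-MsdtProtocol {
    # Undo the workaround from the exported .reg file.
    if (-not (Test-Path -LiteralPath $BackupFile)) {
        throw "No backup found at $BackupFile."
    }
    & reg.exe import $BackupFile
    if ($LASTEXITCODE -ne 0) { throw 'Import of the backup failed.' }
}

Disable-MsdtProtocol
```

Run `Test-MsdtProtocol` afterwards to confirm the handler is gone, and `Restore-MsdtProtocol` to bring it back once the system is patched.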

Microsoft Windows provides Defender antivirus software built into the operating system, which is sufficient against viruses and malware.

But there is a better way to protect against cyber attacks, and that is to rely on free antivirus software.


