Share
Be careful when opening .DOC documents, as they could expose your computer to a virus. Here’s what’s known so far and what you can do to avoid infection.
If you’re a Microsoft Office user, you most likely have some .DOC documents on your desktop or in folders you’ve created, right? eye! A vulnerability has just been discovered that accesses the computer through the opening of this type of file. His camouflage is total, so quick protection required in order to avoid massive infection.
The main problem with this virus is that is able to generate code, which has a direct implication in the infection of the entire system. Solving this problem by introducing barriers is very important, something that takes on an even more prominent role considering that Microsoft has not offered an alternative through its OTA update system.
The .doc file can be the entry mechanism for some viruses YouTube
One of the additional problems with this proposal is that it may use the Microsoft diagnostics tool (MSDT) to load and execute PowerShell code. In this sense, giving access to another user is of great importance, since it allows exposing the passwords of multiple profiles in which we have an account.
A new virus that infiltrates the computer with .DOC documents
Apparently it is about a virus that originates from Belarus. According to the profile Twitter nao_sec, this anomaly has been able to access the system thanks to a double vulnerability. For one thing, Office allows you to load HTML templates into Word without filtering. This makes it easier for viruses to gain access through files of this class. And, on the other hand, there is the MSDT tool, which allows the execution of code.
Interesting maldoc was submitted from Belarus. It uses Word’s external link to load the HTML and then uses the “ms-msdt” scheme to execute PowerShell code.https://t.co/hTdAfHOUx3 pic.twitter.com/rVSb02ZTwt
— naosec (@nosec) May 27, 2022
The versions affected by this virus are Office 2013, 2016, 2019, 2021, Office ProPlus y Office 365. Fortunately, work is already underway with the goal of releasing security patches soon. Even so, you can already take a few simple steps in order to reduce your exposure to this problem.
On the one hand, the company 0patch, in charge of Microsoft’s unofficial security management, has released an update so you can protect yourself from this new virus. However, in order to access it you must be registered on the virtual platform that the company has.
On the other hand, it has spread a workaround among the Redit community. The space HKLMSOFTWAREPoliciesMicrosoftWindowsScriptedDiagnostics must be accessed and the variable ‘EnableDiagnostics’ must be assigned the value ‘0’ (disabled). If it does not exist, a REG_DWORD type variable must be created with that name.
Even so, it should be noted that this technology is expected to It will be fixed in the next few weeks. in the most common way, that is, through a simple and quick update of the operating system. Similarly, it is important to point out that this is a very focused problem, so a massive infection of computer equipment is not expected throughout this time.
Related topics: Security
Share