Zero-day vulnerability in Microsoft Office executes malicious code via MSDT with macros disabled

MADRID, 31 May. (Portaltic/EP) –

A Word document opens the door to the execution of malicious code on a computer through a zero-day vulnerability found in the Microsoft Office suite, one that works even when macros are disabled.

The cybersecurity research group nao_sec identified a zero-day vulnerability in Microsoft Office last week, which the researcher Kevin Beaumont named Follina in a subsequent analysis because the analyzed sample referenced the number 0438, which matches the telephone area code of the Italian town of the same name.

Through a specially crafted Word file, an attacker can take advantage of Follina to run PowerShell commands through the Microsoft Support Diagnostic Tool (MSDT), a built-in Windows utility that collects information about the state of the system for troubleshooting.

This code execution bypassed Windows Defender detection at the time and works even if macros (series of instructions grouped into a single command to perform a task automatically) have been disabled.

Beaumont explains in a blog post that the Word document “uses the remote template function to retrieve an HTML file from a remote server, which in turn uses the ms-msdt MSProtocol URI scheme to load code and run PowerShell.” This, as he points out, “should not be possible.”
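One way to hunt for the delivery chain Beaumont describes is to check Office documents for an attached-template relationship that points outside the package, and to check any captured HTML stage (a proxy log, a sandbox download) for ms-msdt: URIs. The following Python is an added example written for this page, not code from the article, from Beaumont or from nao_sec; the sample document and HTML it checks are constructed in memory, the URL example.invalid is a placeholder, and the function names are this example's own.

```python
"""Scan for the two visible stages of the Follina delivery chain:
a remote (external) attached template inside a .docx, and an ms-msdt: URI
in the HTML the template fetches.

Added example for this page; not the article's, Beaumont's or nao_sec's
code. All inputs below are constructed in memory."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
# Any ms-msdt: URI, up to a quote or tag boundary (arguments may contain spaces).
MSDT_URI = re.compile(r"ms-msdt:[^\"'<>\n]*", re.IGNORECASE)


def remote_templates(docx_bytes: bytes) -> List[Tuple[str, str]]:
    """Return (relationship part, target) pairs for attached-template
    relationships whose target is outside the package (TargetMode="External").
    A legitimate local template never needs an external HTTP target."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if (rel.get("Type") == ATTACHED_TEMPLATE
                        and rel.get("TargetMode") == "External"):
                    hits.append((name, rel.get("Target", "")))
    return hits


def msdt_uris(text: str) -> List[str]:
    """Return every ms-msdt: URI in a blob of text (an HTML stage, a proxy
    log line, an e-mail body)."""
    return MSDT_URI.findall(text)


def build_docx(template_target: Optional[str]) -> bytes:
    """Build a minimal, constructed .docx. When template_target is given it is
    attached as an external template, the relationship shape the Follina
    documents used."""
    rels = f'<Relationships xmlns="{REL_NS}">'
    if template_target is not None:
        rels += (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                 f'Target="{template_target}" TargetMode="External"/>')
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed stand-in for the fetched HTML stage: a page that redirects the
# browser control to the ms-msdt: protocol handler. Placeholder arguments only.
SAMPLE_HTML = """<html><body><script>
window.location.href = "ms-msdt:/id EXAMPLE";
</script></body></html>"""


if __name__ == "__main__":
    benign = build_docx(None)
    suspect = build_docx("http://example.invalid/template.html!")  # placeholder URL
    print("benign docx remote templates:", remote_templates(benign))
    print("suspect docx remote templates:", remote_templates(suspect))
    print("ms-msdt URIs in sample HTML:", msdt_uris(SAMPLE_HTML))
```

The document check only sees the first stage, because the HTML lives on the attacker's server; pairing it with the ms-msdt: check on whatever the proxy or sandbox actually fetched is what ties the two stages together. Note that remote_templates() flags every external attached template, which is rare but not unheard of in corporate template setups, so treat a hit as a lead for triage rather than a verdict.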

The impact on the user's machine is immediate: it is enough to open the Word document. The attacker gains access to the system, including the ability to collect password hashes from Windows machines.
