Security experts recently discovered a vulnerability in Microsoft Office that allows malicious PowerShell commands to be executed. This is simply by opening a Word document.
According to security experts, Weakness, dubbed “Follina” and CVE-2022-30190, it is possible to activate PowerShell commands through the Microsoft Diagnostic Tool (MSDT). This is simply by opening maliciously modified Word documents.
under the cover
The vulnerability uses the external link of a Word document to load malicious HTML code. Then it runs the malicious PowerShell code via the “ms-msdt” scheme. Ultimately, the PowerShell code causes other malicious code to load and execute.
The code can be run even without opening a Word document. The Protected View features in MS Office alert you that your document may contain malicious code. Changing the document from a Word file to the RTF format allows hidden code to run without even opening the document. This happens because the document is opened in preview mode in Explorer.
The affected versions of Microsoft Office are MS Office 2013, 2016, Office Pro Plus as of April 2022 (on Windows 11 with May 2022 updates), and a patched version of MS Office 2021.
Microsoft’s response
In April, Microsoft was ranked the highest for a zero-day Office vulnerability. The tech giant initially dismissed the vulnerability as insignificant. It now appears that later that month, the tech giant has addressed and fixed the vulnerability.
