Zero-Day Vulnerability in MS Word


Attack could execute malicious code even if macros are disabled.

A recently discovered zero-day vulnerability allows an attacker to pass malicious code to Microsoft Word even if Word macros are disabled. The Follina attack uses MS Office functionality to retrieve an HTML file that then accesses the Microsoft Support Diagnostics Tool (MSDT) to run some code on the system. Current examples execute code in the user’s security context, but the possibility exists for later privilege escalation using the gamut of known intrusion techniques.

No direct fix is available at this writing. Mitigation suggestions include using Microsoft Defender's Attack Surface Reduction (ASR) rules to block Office applications from creating child processes, or removing the file type designation for ms-msdt so MSDT won’t automatically execute the malicious code.
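
The following PowerShell sketch audits and applies both mitigations; it is an added example, not part of the original article. The ASR rule GUID and the `HKEY_CLASSES_ROOT\ms-msdt` key come from Microsoft's public documentation rather than from this page, and the backup file location is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: check for, then apply, the two mitigations described above.

# ASR rule "Block all Office applications from creating child processes"
# (GUID per Microsoft's ASR rule reference, not taken from this article).
$AsrRuleId  = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
# Registration of the ms-msdt handler (per Microsoft's guidance).
$HandlerKey = 'HKEY_CLASSES_ROOT\ms-msdt'
# Placeholder backup location so the key can be restored with "reg import".
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-handler-backup.reg'

function Get-AsrRuleAction {
    # Returns the configured action for one rule:
    # 0 = off / not configured, 1 = block, 2 = audit, 6 = warn.
    param([Parameter(Mandatory)][string]$RuleId)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $RuleId) { return [int]$actions[$i] }
    }
    return 0
}

# Mitigation 1: stop Office applications from spawning child processes.
$current = Get-AsrRuleAction -RuleId $AsrRuleId
if ($current -eq 1) {
    Write-Output 'ASR rule already in block mode.'
} else {
    Write-Output "ASR rule action is $current; switching to block mode."
    Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId `
                     -AttackSurfaceReductionRules_Actions Enabled
}

# Mitigation 2: remove the ms-msdt registration, keeping a backup first.
if (Test-Path "Registry::$HandlerKey") {
    reg export $HandlerKey $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $HandlerKey failed; key left in place." }
    reg delete $HandlerKey /f | Out-Null
    Write-Output "Removed $HandlerKey (backup: $BackupFile)."
} else {
    Write-Output "$HandlerKey is not present; nothing to remove."
}
```

Running the script a second time should report both mitigations as already in place, which makes it usable as a compliance check as well as a one-off change.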

