TechBriefly
  • Tech
  • Business
  • Science
  • Geek
  • How to
  • About
    • About Tech Briefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ
No Result
View All Result
 Hot Topics:
  • Instagram
  • TikTok
  • Android
  • iOS
  • Telegram
  • Social DM
  • Developer Mode
  • Dall-E Mini
  • Cuphead
  • Stranger Things
TechBriefly
No Result
View All Result
Home Tech Security

Microsoft Word vulnerability enables a backdoor for hackers

This Microsoft Word vulnerability (called Follina by some) has thus far been attributed to the MSDT tool.

by Kerem Gülen
02/06/2022
in Security, Tech
Reading Time: 4 mins read
Microsoft Word vulnerability enables a backdoor for hackers
Share on FacebookShare on Twitter

A new zero-day Microsoft Word vulnerability could give hackers complete control of your computer. Even if you don’t open an infected file, the vulnerability may be exploited.

Despite the fact that we’re still waiting for a fix, Microsoft has already provided a solution to this vulnerability, so if you use MS Office on a regular basis, you should check it out.

Beware of the new Microsoft Word vulnerability

Microsoft Word vulnerability, dubbed Follina by one of the researchers who initially investigated it — Kevin Beaumont, who also published a lengthy post about it — has thus far been attributed to the MSDT tool. It was originally discovered on May 27 via a tweet from nao_sec, although Microsoft apparently first learned of it as early as April. Although no fix has yet been released for it, Microsoft’s solution entails turning off the Microsoft Support Diagnostic Tool (MSDT), which is how the exploit gains access to the computer that is being attacked.

Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code.https://t.co/hTdAfHOUx3 pic.twitter.com/rVSb02ZTwt

— nao_sec (@nao_sec) May 27, 2022

The Microsoft Word vulnerability is a remote code execution failure in MS Word that affects primarily .rtf files. MS Word’s Templates feature allows it to load and execute code from external sources, which Follina utilizes to gain access to the computer and then runs a series of commands that open up MSDT. Under normal circumstances, Windows users may use Microsoft Diagnostic Tool for Windows (MSDT) to solve various problems without issue. Unfortunately, because this tool also gives remote access to your computer, it aids the exploit in taking control of it.

The exploit can operate even if you don’t open the file in the case of .rtf files. Follina can be launched as long as you view it in File Explorer. Once the attacker compromises your computer via MSDT, they have carte blanche to do whatever they want with it. They may download harmful software, leak sensitive data, and more.

A new zero-day Microsoft Word vulnerability could give hackers complete control of your computer. Even if you don't open an infected file, the vulnerability may be exploited.
The Microsoft Word vulnerability is a remote code execution failure in MS Word that affects primarily .rtf files.

Beaumont has included several Follina examples in the past, including how it has already been utilized and discovered in various files. Financial extortion is just one of many things this exploit is being used for. Of course — you don’t want this on your PC.

What to do until Microsoft releases a patch?

There are a few things you may do to avoid the Microsoft Word vulnerability until the company releases a patch to fix it. The official solution, as things stand now, is the workaround; we don’t know for sure what else will come next.

To begin, check if your Office version is one of those affected by the Microsoft Word vulnerability. The bug has been discovered in Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365 so far. There’s no knowing whether older versions of Microsoft Office are protected; thus, it’s important to take further precautions to safeguard yourself.

It’s not a terrible idea to avoid utilizing. doc, .docx, and.rtf files for the time being if you can do so. Consider migrating to cloud-based services like Google Docs. Only accept and download files from 100 percent-identified sources — which is a good rule of thumb in general. By the way, you can discover everything you need to know about Microsoft Office 2021, by visiting our article.

A new zero-day Microsoft Word vulnerability could give hackers complete control of your computer. Even if you don't open an infected file, the vulnerability may be exploited.
There are a few things you may do to avoid the Microsoft Word vulnerability until the company releases a patch to fix it.

Finally, follow Microsoft’s instructions on disabling MSDT. You’ll need to open the Command Prompt and run it as administrator, then type in a few of statements. If all goes well, you should be safe from Follina. However, keep in mind that caution is always advised.

Below we share the necessary steps to disable the MSDT URL Protocol, provided by Microsoft:

Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters. Follow these steps to disable:

  1. Run Command Prompt as Administrator.
  2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename“
  3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

How to undo the workaround

  1. Run Command Prompt as Administrator.

  2. To restore the registry key, execute the command “reg import filename”

Microsoft is not the only victim of cyberattacks, for instance, hackers try to target European officials to get info on Ukrainian refugees, supplies.

Tags: featuredhackmicrosoft wordvulnerability

Related Posts

Comparison: Samsung Galaxy Z Fold 4 vs Xiaomi Mix Fold 2

Comparison: Samsung Galaxy Z Fold 4 vs Xiaomi Mix Fold 2

Xiaomi Mix Fold 2: Specs, price, and release date

Xiaomi Mix Fold 2: Specs, price, and release date

Is the inverted filter on TikTok how others see you?

Is the inverted filter on TikTok how others see you?

Official PlayStation games for PC page launched

Official PlayStation games for PC page launched

Web Stories

Bonus program Meta for creator
Bonus program Meta for creator
How to become a famous author in Bitlife?
How to become a famous author in Bitlife?

POPULAR

What is the planet order in Snapchat Plus?

How to download all photos and videos from a Telegram chat?

How to fix stuck on connecting to CS:GO network?

RCM Loader for Nintendo Switch: What is it, how can you install?

How to rejoin a Telegram group that you have left?

What is Spotify color palette and how to get it?

Who is the most Googled person in 2022 (Top 10)?

How to see which posts you have liked on Facebook?

LATEST FROM THE FORUM

older than google

notepad++ paste without formatting

magic eye generator

iphone x in 2022

manga english translation

linux format sd card

laundry cost calculator

macbook uptime

pokemon ios emulator

please run channel auto scan without remote

msi afterburner on screen display not showing

itt slang

kmode exception not handled boot loop

mouse pad hard vs soft

paypal sugar daddy scam

is cash app flip a scam

iphone doing things on its own

multiple pbap properties

movie theater glasses

nest thermostat away mode

TechBriefly

© 2021 TechBriefly is a Linkmedya brand.

  • About Tech Briefly
  • Ask your question
  • Contact Us
  • Dall-E mini
  • Forum
  • Privacy Policy
  • Q&A base
  • TechBriefly
  • Terms and Conditions

Follow Us

No Result
View All Result
  • Tech
  • Business
  • Science
  • Geek
  • How to
  • About
    • About Tech Briefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ

Bonus program Meta for creator How to become a famous author in Bitlife?