Complete News World

Office Word problemas segurança falha

If you use Office on Windows, beware of this security flaw

Security issues choose neither time nor platforms to operate. They are detected randomly and are always caught by surprise for users who are affected by it.

The latest victim appears to be Office Word, which can leave Windows vulnerable to problems with a minor security vulnerability. The situation is serious and users should protect themselves.

This Microsoft Office flaw was discovered by independent security researchers, and is the latest notable issue. If exploited, it can facilitate remote execution of malicious code from a simple opening of a document in Word.

This flaw was initially called “Follina,” and it is being exploited by the well-known Microsoft Diagnostic Tool (MSDT). In this case, it is used by attackers to execute malicious PowerShell commands, without the need to exploit elevated privileges and without being detected by Windows Defender.

What is most intriguing is the lack of reliance on macros or other elements commonly used in attacks on these platforms. It only requires opening a Word document. After this step there are external links to use in remote code execution.

It has also been revealed that PowerShell commands can run even without this document open. It is enough for an attacker to change the file format to Rich Text Format (RTF), which also prevents the attacker from being detected by Word's security elements.

See also  Plug-ins will provide new ways to use

Office Word security issues crash

Although Microsoft acknowledged it, this security flaw still didn't exist. a recommended is to disable the MSDT URL protocol and enable Microsoft Defender Antivirus cloud protection to mitigate the risks of this attack.

This is another situation that Microsoft has to resolve as soon as possible, in order to keep users protected. Its attack vector is a very simple thing, so its risk factor is even higher.