CHINESE hackers have been exploiting a new vulnerability in Microsoft Office – here’s how to protect yourself.

A new zero-day flaw in Microsoft Office dubbed ‘Follina’ is being weaponized by China-backed threat actor TA413, The Hacker News reported.

Zero-day exploits target a previously unknown vulnerability in software or hardware, often one first observed “in the wild,” and can lead to further problems.

Once a patch is written and deployed, the exploit is no longer called a zero-day exploit.

In particular, Follina, tracked as CVE-2022-30190 (CVSS score: 7.8), can be used to execute code on Windows systems, Microsoft warned in a recent statement.

Once successfully exploited, the attacker can then “install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights,” the tech giant added.

Follina is found specifically in the Microsoft Support Diagnostic Tool (MSDT) and affects Microsoft Office versions 2013 through Office 2019, Office 2021, Office 365, and Office ProPlus, per Dark Reading.

Bad actors are using specially-crafted Office documents to trigger the exploit.

“TA413 CN APT spotted exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique,” security firm Proofpoint further explained in a tweet.

“Campaigns impersonate the ‘Women Empowerments Desk’ of the Central Tibetan Administration and use the domain Tibet-gov.web[.]app.”

The threat actor – or group – is known for targeting the Tibetan diaspora to “deliver implants such as Exile RAT and Sepulcher as well as a rogue Firefox browser extension dubbed FriarFox,” according to The Hacker News.

How to protect yourself or your organization

While there is no official patch available right now, Microsoft has recommended users take precautions to mitigate their risk of being targeted.

First, users should disable the MSDT URL protocol to prevent the attack.

“Disabling MSDT URL protocol prevents troubleshooters being launched as links, including links throughout the operating system,” Microsoft said.

To disable the MSDT URL protocol, first run Command Prompt as Administrator.

Then back up the registry key by executing the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.

Finally, execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
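
The three steps above can be combined into one batch script that refuses to delete the key unless the backup succeeded and then confirms the handler is gone. This is an added example, not code from Microsoft or the original article; the backup file location and the use of fltmc as an elevation check are assumptions.

```batch
@echo off
rem Added example: back up, remove and verify the ms-msdt URL protocol handler.
rem Assumption: the backup is written to the root of the system drive.
setlocal
set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
set "BACKUP=%SystemDrive%\ms-msdt-backup.reg"

rem 1. Confirm elevation. fltmc only succeeds for an administrator token.
fltmc >nul 2>&1
if errorlevel 1 (
    echo [!] Not elevated. Re-run from Command Prompt as Administrator.
    exit /b 1
)

rem 2. If the key is already absent there is nothing to back up or delete.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo [=] %KEY% is not present. The MSDT URL protocol is already disabled.
    exit /b 0
)

rem 3. Back up first. Leave the key untouched if the export fails.
reg export "%KEY%" "%BACKUP%" /y >nul
if errorlevel 1 (
    echo [!] Backup to %BACKUP% failed. Key was not deleted.
    exit /b 1
)

rem 4. Delete the protocol handler, as in the final step above.
reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo [!] Delete failed. Check permissions on %KEY%.
    exit /b 1
)

rem 5. Verify: a successful query here means the key still exists.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo [!] %KEY% is still present after delete.
    exit /b 1
)

echo [+] MSDT URL protocol disabled. Backup saved to %BACKUP%
echo [+] To undo later, run: reg import "%BACKUP%"
exit /b 0
```

The non-zero exit codes let a deployment tool report hosts where the mitigation did not apply.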

Microsoft also recommended that users run Microsoft Defender Antivirus if they have it.

Defender turns on cloud-delivered protection and automatic sample submission, which can quickly identify and stop new and unknown threats.

Furthermore, some experts have advised that users turn off the Preview Pane in File Explorer.

To do this, open File Explorer > click on View Tab > tap on Preview Pane to view or hide it.

This post first appeared on Thesun.co.uk
