A new “zero-day” vulnerability discovered in microsoft-office and more specifically in Microsoft Wordby the ‘Naosec’ cybersecurity team, allows the hackers remotely access the computer of a user to steal personal data.
The vulnerability, dubbed ‘Follina’ by researcher Kevin Beaumont, appears to affect different versions of the Microsoft Office suite. This includes versions from 2013 to 2021 and even Office ProPlus Y office 365.
What is this Word bug?
The bug specifically allows the execution of commands from PowerShell via MSDT, a software support tool microsoft. All this, thanks to a simple word document.
Beaumont noted in a post that the “document uses the remote template function” of Microsoft’s text editing program to “get HTML from a remote web server,” while also using the “msmsdt MSProtocol” URI scheme to load code and run it in the aforementioned console interface. All this, without being detected by Windows Defender and even working with macros disabled.
Though Microsoft classified it as a zero-day vulnerability a few hours ago, the vulnerability has been present in the Office suite for weeks, according to Beaumont. Hackers appear to be using Word documents with content intended to draw the attention of victims.
Among them, the testimony of a person who was a victim of sexual harassment or even interview requests for a Russian media. Also, remote access is gained immediately after opening the document and in some cases even previewing it in File Explorer.
Two measures to prevent a hacker from controlling a PC through the new Word bug
Microsoft, by not initially treating this vulnerability as such, is already looking for a solution, so it is likely that in the coming days the Office suite and even Windows receive a new security update to fix the problem.
Meanwhile, users can take some measurements To completely prevent hackers from breaking into your computers:
– One of these measures is avoid opening or downloading unknown documents. For example, the files that come by email. Remember that the vulnerability is loaded with a remote Word template. Therefore, and as mentioned above, it is very difficult for Microsoft Defender or any other software similar antivirus detect the file as a threat.
– It is also possible, on the other hand, disable certain features and processes of Microsoft Word, such as preventing Office applications from creating threads or manually deleting the ‘msmsdt’ file through the Windows editor. This will prevent Microsoft from running this process.
How to avoid losing a document if Microsoft Word closes
First, you have to run the program in the usual way.
Then go to the settings page that Office has to customize the behavior of the text editor. This is achieved by simply going to the menu File, Archive of the main interface of Word and selecting the input options that will be seen on the screen.
In the left pane of the window, enter Save.
The first thing to change is the auto save time. This way, if there is a sudden error with the computer or with said program, the data will not be lost because the file has been recently recorded.
But that’s not all, but at the same time a disk path can be specified for backup files to be saved.
This will allow you to locate the corresponding temporary files Immediately in case something goes wrong on the PC or Word suddenly closes.