A New Follina Zero-Day Vulnerability Is Exploiting Microsoft Word Files To Attack Windows Systems

A new zero-day vulnerability found in Microsoft Office can allow attackers to execute a code in a user’s computer using a malicious Microsoft Word file.

The vulnerability, named Follina infects the user’s system the moment they open the malicious Word document. The document does this by executing something called a PowerShell command and it does so by using the Microsoft Diagnostic Tool. Researchers suggest that the Follina vulnerability has impacted Office 2013 and newer versions. Microsoft has not issued a fix yet.

ALSO READ: Zoom Has A New Malware Threat That Can Be Used To Attack Your Phone: All Details

The Follina vulnerability was first found by Nao_sec, a Tokyo-based cybersecurity research organisation. It disclosed the Follina vulnerability in a post on Twitter last week. According to the cybersecurity firm, the issue allows the attackers to use Microsoft Word to execute a malicious code on the victim’s computer.

A security researcher named Kevin Beaumont says that the document uses the Word remote template feature to retrieve an HTML file from a remote server, which in turn uses a Microsoft protocol to load some code and execute PowerShell. He said that a file exploiting a loophole targeted a user in Russia about a month ago.

ALSO READ: DuckDuckGo Faces Backlash for Allowing Microsoft to Track Data

Microsoft Office 2013 and later versions, including Office 2021 have been found vulnerable to the attacks. Some versions included with a Microsoft 365 license couuld also be vulnerable on both Windows 10 and Windows 11 systems.

Microsoft has been informed about the vulnerability, but the tech giant is yet to launch a fix for this issue. It is also being said that Microsoft did not consider this a security issue initially. While it has acknowledged the vulnerability, Microsoft is yet to release a fix for this.

Read all the Latest News , Breaking News and IPL 2022 Live Updates here.