CHINESE hackers have exploited a new vulnerability in Microsoft Office – here’s how to protect yourself.
A new zero-day flaw in Microsoft Office dubbed “Follina” is being armed by China-backed threat actor TA413, The Hacker News reported.
“Zero-day” vulnerabilities are vulnerabilities that have not yet been patched or fixed by software developers – meaning they are fully exploitable by hackers and cybercriminals.
They often stem from previously unknown problems and are particularly dangerous until programmers can fix the problem.
Once a patch is written and applied, the flaw is no longer considered a zero-day.
The Follina bug — also tracked as CVE-2022-30190 (CVSS score: 7.8) — can be used to run code on Windows systems, Microsoft warned in a recent statement.
After successful exploitation, the attacker can then “install programs, view, modify or delete data, or create new accounts in the context allowed by user rights,” the tech giant added.
Found specifically in the Microsoft Support Diagnostic Tool (MSDT), Follina affects Microsoft Office versions 2013 through Office 2019, Office 2021, Office 365, and Office ProPlus, according to Dark Reading.
Attackers use specially crafted Office documents to trigger the exploit.
“TA413 CN APT detected Follina zero-day exploitation by using URLs to deliver ZIP archives containing Word documents using this technique,” security firm Proofpoint explained in a tweet.
“The campaigns mimic the Central Tibetan Administration’s ‘Women Empowerments Desk’ and use the Tibet-gov.web[.]app domain.”
The attacker – or group – is known for targeting the Tibetan diaspora to “deliver implants like Exile RAT and Sepulcher, as well as a rogue Firefox browser extension called FriarFox,” according to The Hacker News.
How to protect yourself or your organization
Although no official patch is currently available, Microsoft has advised users to take precautions to reduce the risk of being attacked.
First of all, users should disable the MSDT URL protocol to prevent the attack.
“Disabling the MSDT URL protocol prevents troubleshooters from launching as links, including OS-wide links,” Microsoft said.
To disable the MSDT URL protocol, first run the command prompt as an administrator.
Then back up the registry key by running the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”, replacing filename with the name of the file the backup should be saved to.
Finally, run the “reg delete HKEY_CLASSES_ROOT\ms-msdt /f” command.
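The three steps above, written out as a PowerShell script so the backup is verified before the key is deleted and the handler can be restored once a patch is installed. This is an added example, not a script from the article or from Microsoft; the functions, the backup file name and the use of reg.exe from PowerShell rather than the command prompt are assumptions for the example.

```powershell
# Added example: back up and remove the ms-msdt URL protocol handler (CVE-2022-30190 mitigation).
# Assumes an elevated PowerShell session; $BackupPath is an assumed location, not from the article.
#Requires -RunAsAdministrator
$KeyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupPath = Join-Path $env:SystemDrive 'ms-msdt-backup.reg'   # assumed backup file name

function Test-MsdtHandler {
    # Returns $true while the ms-msdt: protocol handler is still registered.
    return (Test-Path -Path 'Registry::HKEY_CLASSES_ROOT\ms-msdt')
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandler)) {
        Write-Host 'ms-msdt handler is not present; nothing to do.'
        return
    }
    # Step 1 (the article's "reg export"): save the key so it can be restored later. /y overwrites silently.
    reg.exe export $KeyPath $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupPath)) {
        throw "Backup of $KeyPath failed; the key was NOT deleted."
    }
    # Step 2 (the article's "reg delete ... /f"): remove the handler.
    reg.exe delete $KeyPath /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg delete $KeyPath failed." }
}

function Restore-MsdtHandler {
    # Re-import the saved key after the official patch has been applied.
    if (-not (Test-Path -Path $BackupPath)) { throw "No backup found at $BackupPath." }
    reg.exe import $BackupPath
}

Disable-MsdtHandler
if (Test-MsdtHandler) {
    Write-Warning 'The ms-msdt handler is still registered.'
} else {
    Write-Host "ms-msdt handler removed; backup saved to $BackupPath"
}
```

Test-MsdtHandler is the check to run afterwards (or across a fleet) to confirm the workaround actually took effect; Restore-MsdtHandler undoes it once the patch is in place.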
Microsoft has also indicated that users should run Microsoft Defender Antivirus if they have it.
With cloud-delivered protection and automatic sample submission turned on, Defender can quickly identify and stop new and unknown threats.
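To check that those two Defender settings are actually on, and to turn them on if not, the Defender PowerShell module can be used. This is an added example, not from the article; it assumes an elevated session on a machine where Microsoft Defender Antivirus is the active antivirus.

```powershell
# Added example: verify and enable Defender cloud-delivered protection and automatic sample submission.
# MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced (cloud-delivered protection).
# SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples.
#Requires -RunAsAdministrator

function Get-DefenderCloudStatus {
    $pref = Get-MpPreference
    return [pscustomobject]@{
        CloudProtectionOn   = ($pref.MAPSReporting -ne 0)
        SampleSubmissionOn  = ($pref.SubmitSamplesConsent -in 1, 3)
    }
}

function Enable-DefenderCloudProtection {
    # Weak setting: MAPSReporting 0 / SubmitSamplesConsent 2 leaves Defender with signatures only.
    # Corrected setting: Advanced cloud reporting plus automatic sample submission.
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
}

$before = Get-DefenderCloudStatus
if (-not ($before.CloudProtectionOn -and $before.SampleSubmissionOn)) {
    Enable-DefenderCloudProtection
}
Get-DefenderCloudStatus | Format-List
```

If either property still reports $false after the change, the setting is most likely being enforced by group policy or an MDM profile and needs to be changed there instead.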
Additionally, some experts have recommended that users turn off the preview pane in File Explorer, since previewing a malicious document can be enough to trigger the exploit.
To do this, open File Explorer, click the View tab, then click Preview pane to turn it off.
https://www.the-sun.com/tech/5467223/microsoft-warning-billions-office-hacked-chinese/ Microsoft ‘zero-day’ warning for BILLIONS after Office was hacked by Chinese cyber crooks – change your settings NOW