Hackers Can Take Control Of Your PC Through Microsoft Office: How To Avoid It?
Using an infected Microsoft Word document, hackers can execute code through a vulnerability called "Follina." If you've opened a malicious Word document in recent times, you could also be infected with Follina.
A new hacking campaign is taking advantage of a Microsoft Office vulnerability. Independent research group "nao_sec" has identified a new zero-day vulnerability, meaning that neither Microsoft nor any anti-virus vendor was aware of this exploit.
The dangers of Follina
While Word documents are mistakenly considered benign, Follina gives attackers the ability to issue commands for automated tasks. Building on it, hackers can install and delete programmes, view and modify data, and may also be able to create new accounts through access to personal information.
Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 pic.twitter.com/rVSb02ZTwt
— nao_sec (@nao_sec) May 27, 2022
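The tweet above describes a document that uses Word's external link to load HTML. As an added example (not code from this article, nao_sec or Microsoft), the Python function below lists the external, non-hyperlink relationships stored in a .docx package, so a suspicious file can be triaged without opening it in Word. The sample packages and the example.invalid host are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # untrusted input: prefer a hardened parser (e.g. defusedxml) in production

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
REL_TYPES = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # skip .rels parts whose declared size is implausibly large

def external_links(docx_bytes):
    """List (part, relationship type, target) for each external relationship
    that is not an ordinary hyperlink."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized-part", ""))
                continue
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_NS + "Relationship"):
                rel_type = rel.get("Type", "")
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                if rel_type == REL_TYPES + "hyperlink":
                    continue  # followed only when the user clicks it
                findings.append((info.filename, rel_type.rsplit("/", 1)[-1],
                                 rel.get("Target", "")))
    return findings

def make_sample(rel_type, target):
    """Build a constructed, minimal package holding one external relationship."""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
            'Target="%s" TargetMode="External"/></Relationships>'
            % (REL_NS.strip("{}"), REL_TYPES + rel_type, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples; example.invalid is a placeholder host.
    for doc in (make_sample("oleObject", "https://example.invalid/page.html"),
                make_sample("hyperlink", "https://example.invalid/about")):
        print(external_links(doc) or "no auto-loaded external links")
```

A finding is a triage signal, not a verdict: linked images and templates also appear as external relationships in legitimate documents.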
Which versions are affected?
According to the Tokyo-based research group, Microsoft Office 2013 and 2021 are vulnerable to Follina attacks. Even licenced versions of Microsoft 365 on Windows 10 and 11 aren't safe.
The threat has since been acknowledged by Microsoft, but the bad news is that there is no patch to ward off Follina on Microsoft Word. To help users cope with potential data loss to Follina, Microsoft has issued a set of guidelines.
What you can do
For starters, if you're worried about the vulnerability, simply disable the Microsoft Support Diagnostic Tool (MSDT) URL protocol. In Microsoft's words:
- 1. Run Command Prompt as Administrator.
- 2. To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
- 3. Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
When the threat passes, you may also undo this. Again, in Microsoft's words:
- 1. Run Command Prompt as Administrator.
- 2. To restore the registry key, execute the command "reg import filename"
You can read Microsoft's blog post on the vulnerability here.