A zero-day vulnerability in Microsoft Office was discovered and reported over the weekend. It allows remote code execution simply through the opening of a Word document, even in preview. Microsoft has issued CVE-2022-30190 in response to this flaw, though the bug is generally referred to as the Follina vulnerability. When the malicious Word document is opened, even in preview, the file executes malicious PowerShell commands via the Microsoft Support Diagnostic Tool (MSDT). This code works without elevated privileges and is currently evading Microsoft Defender detection.
The following are several blog posts and updates concerning this vulnerability, its functionality, and workarounds in the absence of a patch:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability