Follina - a Microsoft Office code execution zero day, now exploited in the wild

  • 2 June 2022

Nao_sec identified an odd-looking Word document in the wild, uploaded from an IP address in Belarus.
This turned out to be a zero-day vulnerability in Office and/or Windows.
Defender for Endpoint missed execution.
The document uses the Word remote template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell.
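A triage sketch for the two stages described above, added here as an example and not part of the original post: it lists the remote targets recorded in a document's OOXML relationship parts and checks retrieved HTML for the ms-msdt: scheme. The function names, the `example.invalid` URLs and the sample document are constructed for illustration, and treating every non-hyperlink external relationship as worth review is an assumption.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MSDT_RE = re.compile(r"ms-msdt\s*:", re.IGNORECASE)


def external_relationships(docx_bytes):
    """Yield (part, type, target) for each relationship with TargetMode="External"."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in (n for n in zf.namelist() if n.endswith(".rels")):
            for rel in ET.fromstring(zf.read(name)).iter(PKG + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    yield name, rel.get("Type", "").rsplit("/", 1)[-1], rel.get("Target", "")


def remote_fetch_targets(docx_bytes):
    """http(s) targets Word may retrieve itself; user-clicked hyperlinks are skipped."""
    return [target for _, kind, target in external_relationships(docx_bytes)
            if kind != "hyperlink" and target.lower().startswith(("http://", "https://"))]


def references_msdt(html_text):
    """True if HTML retrieved from such a target mentions the ms-msdt: URI scheme."""
    return bool(MSDT_RE.search(html_text))


def build_sample():
    """Constructed .docx skeleton: one remote template and one ordinary hyperlink."""
    rel = '<Relationship Id="{}" Type="' + OFFICE + '{}" Target="{}" TargetMode="External"/>'
    rels = ('<Relationships xmlns="' + PKG.strip("{}") + '">'
            + rel.format("rId1", "attachedTemplate", "https://example.invalid/t.html")
            + rel.format("rId2", "hyperlink", "https://example.invalid/about")
            + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    print(remote_fetch_targets(build_sample()))  # constructed sample document
    print(references_msdt('<a href="ms-msdt:CONSTRUCTED-PLACEHOLDER">x</a>'))
```

When parsing untrusted samples, swap `xml.etree.ElementTree` for `defusedxml.ElementTree`; a plain string match on the scheme will also miss HTML that assembles it at runtime.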

