The latest Microsoft vulnerability has been discovered, and this one allows infected Word documents to execute malicious code.
This vulnerability, dubbed Follina by security researchers, is of the zero-day variety and has the potential to hand control of your PC over to threat actors. Word documents, of course, are some of the most regularly used files in business, and it’s likely your organization uses these throughout the day. This allows Follina to adopt a stealthy approach, one where your employees are unlikely to question what appears to be a harmless Word document.
What is Follina?
At the heart of the Follina exploit is an infected Word document, one which is packed with code designed to download a HTML file from a remote location. This file, which is brought into your internal network, uses the Microsoft troubleshooting app MSDT to load further code and execute Powershell – a Microsoft app used to automate management of tasks.
Typically, infected Word documents require the recipient to enable macros before any payload can be released. However, the Word document associated with Follina can bypass disabled macros. In fact, the recipient doesn’t even need to fully open the document, its malicious contents can even be activated when the Word document is in preview mode. For this reason, Follina has been categorized as a zero-click attack.
Follina is likely to be employed in phishing attacks, either through email attachments or by sending a malicious link to victims. As such, Follina can spread quickly and in large numbers. It can be considered a major threat and one which can give full control of an infected PC to the threat actors behind it.
How to Protect Against Follina
As of this time of writing, Microsoft has failed to issue a security patch against the Follina exploit. However, this doesn’t mean that your organization has to fall victim to Follina. Microsoft has provided some guidance, a set of instructions which advise users how to disable MSDT’s URL protocol. PC users have also been informed that disabling ‘Troubleshooting wizards’ entries in their system’s registry will help protect them.
While these recommendations should only be implemented by an IT professional, there is one simple piece of advice which all employees need to be aware of:
- Understand what a suspicious document is: it’s important that PC users are aware of not only what a suspicious document can do, but what they look like. Naturally, evaluating the source of this document is crucial; if a Word document (or indeed any file) has been emailed from an unfamiliar email account, then it should be scrutinized closely. Even if it has arrived via, for example, a work colleague, even the slightest suspicion means that you should tread carefully and seek verbal confirmation from the sender that it’s genuine.
Final Thoughts
Vulnerabilities are never going to go away, the sheer complexity behind PC hardware and software means that there will always be room for exploits to be discovered. And this is where the vigilance of your employees needs to be at its strongest. Although Follina, for example, is classed a zero-click attack, it still requires the input of an employee to activate it. Therefore, ensure that regular cybersecurity training is given to limit the risk of falling victim to these attacks.
For more ways to secure and optimize your business technology, contact your local IT professionals.
