New Microsoft Office zero-day used in attacks to execute PowerShell
Credit:
Bleeping Computer
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.
The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as 'Follina,' is leveraged using malicious Word documents that execute PowerShell commands via the MSDT.
This new Follina zero-day opens the door to a new critical attack vector leveraging Microsoft Office programs as it works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.