A zero-day exploit in Microsoft Office was discovered over the weekend; a researcher had previously alerted Microsoft to the issue in April. The vulnerability, dubbed “Follina”, can be exploited by an attacker sending a URL to a vulnerable machine. Successful exploitation allows an attacker to install programs, view or change data, or create new accounts in line with the victim’s user permissions.
And a comment from Claire Tills, senior research engineer, Tenable:
“Over the weekend, researchers began discussing a zero-day remote code execution vulnerability that can be exploited via Microsoft Office documents, a favored vector for threat actors. On Monday, Microsoft released some official details for CVE-2022-30190, noting that the RCE impacted its Microsoft Windows Diagnostic Tools, but did not release any patches. Microsoft has provided a mitigation recommendation.
“The RCE appears to have been exploited as far back as April, and recently came to broad public attention after a researcher began investigating a malicious sample on VirusTotal. Over the weekend, multiple researchers reproduced the issue and determined that it is a ‘zero click’ exploit, meaning that no user interaction is required. Given the similarities between CVE-2022-30190 and CVE-2021-40444, and that researchers speculate other protocol handlers may also be vulnerable, we expect to see further developments and exploitation attempts of this issue.
“Because this is a zero click exploit, there isn’t as much individual users can do; however, a healthy dose of skepticism goes a long way. Users should always be suspicious of attachments from untrusted sources.”