May 31 — Microsoft recently released mitigation information for a zero day vulnerability within the Microsoft Office suite. If exploited, the bug can enable remote code execution on a victim’s machine.
The vulnerability, dubbed “Follina,” relies on a word document using a remote template feature to retrieve an HTML File from a remote server, and through the use of an MS-MSDT MSProtocol URL scheme, it can manage to execute a PowerShell.
Who is vulnerable?
According to Check Point Software, Office versions 2013, 2016, 2019 2021 and some versions of Office associated with a Microsoft 365 license are subject to this vulnerability on certain Windows machines.
Remote Code Execution
The danger inherent in this bug stems from the fact that it can allow for Remote Code Execution, which means that malicious code will execute on a device, potentially enabling a hacker to gain full control over the compromised machine.
Who is protected
Check Point Software’s threat extraction tools deliver sanitized, threat-free files to users in real-time. Email attachments and web downloads that may be affected by this vulnerability are sanitized almost instantly upon receipt. In turn, users are generally not exposed to the risks embedded in the malicious files.
Get more information
For more information about how Check Point protects users from the “Follina” zero day exploit, click here. For a deep-dive into this exploit, see CyberTalk.org’s article coverage. Lastly, to receive cutting-edge cyber security news, exclusive interviews, expert analyses and security resources, please sign up for the CyberTalk.org newsletter.