Security researchers have uncovered a Microsoft Office zero-day security vulnerability that uses Word to launch PowerShell attacks via the Microsoft Diagnostic Tool (MSDT). The attack is launched by opening a Word document and executes even if you block macros from running.
This article explores zero-day vulnerabilities in general, this MS Office vulnerability in particular, and what you can do to protect yourself from it.
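The chain described above (Word opens a document, MSDT is launched, PowerShell runs) is visible in process-creation telemetry. The following PowerShell is an added example, not code from the original article: it flags records where an Office application spawned msdt.exe or passed an ms-msdt: URL. The field names follow Sysmon Event ID 1 (ParentImage, Image, CommandLine, UtcTime), the sample records are constructed, and the Office process list is an assumption you may extend.

```powershell
# Added example (not from the original article): flag process-creation
# records where an Office application spawned msdt.exe or passed an
# ms-msdt: URL, the chain Follina uses. Records below are constructed
# samples shaped like Sysmon Event ID 1 fields; real events from
# Get-WinEvent can be mapped to the same properties and piped in.
$OfficeApps = @('WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE')  # assumption

function Find-MsdtLaunch {
    param([Parameter(ValueFromPipeline)] [psobject] $Event)
    process {
        $parent = [System.IO.Path]::GetFileName($Event.ParentImage).ToUpperInvariant()
        $child  = [System.IO.Path]::GetFileName($Event.Image).ToUpperInvariant()
        $officeParent = $OfficeApps -contains $parent
        # Either the child binary is msdt.exe or the command line carries the
        # ms-msdt: URL scheme that the vulnerable handler accepts.
        $msdtChild = ($child -eq 'MSDT.EXE') -or ($Event.CommandLine -match 'ms-msdt:')
        if ($officeParent -and $msdtChild) {
            [pscustomobject]@{
                Time   = $Event.UtcTime
                Parent = $parent
                Child  = $child
                Reason = 'Office application launched MSDT (possible Follina)'
            }
        }
    }
}

# Constructed sample events: one benign Word launch, one matching the chain.
$Samples = @(
    [pscustomobject]@{
        UtcTime     = '2022-06-01 09:14:02'
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        CommandLine = '"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docx"'
    },
    [pscustomobject]@{
        UtcTime     = '2022-06-01 09:14:09'
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\msdt.exe'
        CommandLine = '"C:\Windows\System32\msdt.exe" ms-msdt:/id <constructed-sample-args>'
    }
)

# Only the second sample is reported.
$Samples | Find-MsdtLaunch | Format-Table -AutoSize
```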
What is a Zero-Day Vulnerability?
A zero-day vulnerability is a security vulnerability that has not yet been patched by the software developer. In other words, the developer is unaware of the vulnerability and has not yet developed a patch for it. Zero-day vulnerabilities are often difficult to detect because no patch exists, and attackers can exploit them for a long period before a patch is released. For example, an attacker can launch a zero-day attack against a system that has not yet been patched.
What Is Follina Office Zero-Day Vulnerability?
The Follina Office zero-day vulnerability allows hackers and cyber criminals to remotely access a computer through a Word document without being detected. This vulnerability allows attackers to run code with the privileges of the calling application. With this access, attackers can install applications and view, change, or delete data. With administrative privileges, they can also create new accounts. This vulnerability was uncovered in April by security researchers.
How Does A Zero-Day Vulnerability Work?
Zero-day vulnerabilities are software vulnerabilities that have not yet been patched. They are unknown to the developer and to users, and as such cannot be defended against directly.
In order to exploit a zero-day vulnerability, an attacker needs to know about it before it is patched. This is why zero-day vulnerabilities are so dangerous: they can be leveraged by malicious actors for a long time before they are discovered and fixed.
Attackers who exploit such a vulnerability can deploy malware such as ransomware and install backdoors.
What are "backdoors" and how do they work?
A backdoor is a hidden way to access a computer system without authorization.
Backdoors can be used for legitimate purposes, such as providing a way for IT staff to access the system remotely. But they can also be used to steal data or install malware.
Backdoors are usually programmed into the software by the programmers of that software, but they may also be created by exploiting bugs in the program's code.
What is ransomware and how does it work?
Ransomware is a form of malware that encrypts a computer system's hard drive and demands a ransom payment to decrypt it.
Ransomware is typically spread through email attachments, web page ads, or by visiting malicious websites. Once ransomware infects your computer, it will lock you out of your data and applications until you pay the ransom.
The ransom note will typically give instructions on how to purchase bitcoins with which to make the payment.
What Is The Difference Between A Zero-Day And Other Types Of Security Vulnerabilities?
A zero-day vulnerability is a security vulnerability that is unknown to the public and for which no software patch or workaround has been released. The term "zero day" is derived from the popular use of the phrase "a bug's life" in movies such as A Bug's Life and Antz, where bugs are often seen as pests that need to be exterminated.
A zero-day vulnerability can be exploited by malware, ransomware, or other malicious software without any warning. Zero-day vulnerabilities are usually sold on the black market for prices ranging from $5,000 to $200,000.
Different Types of Zero-Day Vulnerabilities
There are three types of zero-day vulnerabilities:
- Design flaws: occur when a system is designed improperly, leaving it open to attack.
- Implementation flaws: happen when a system is built improperly, leaving it open to attack.
- Information disclosure: occurs when data is exposed without authorization, which can lead to malicious attacks such as phishing scams.
Design flaws have been around for decades with no solution in sight, because designing systems that are secure by design is complex. To mitigate this type of vulnerability, developers must use tools that provide protection at the application layer.
One approach to this problem is to make software applications harder to use, e.g. forcing users to agree in advance on every input and every program output, which does not provide a good customer experience.
Another approach is the long-term development and maintenance of secure systems, known as secure by design. Secure by design can be achieved through either cryptographic analysis or compilers with built-in security features.
In computer programming, the goal of secure by design is to include enough safeguards in an application to make it difficult for hackers to exploit its weaknesses. These safeguards may include:
Secure by design has been defined as follows: "The process of designing computer systems with inherent security built in from the beginning, rather than in add-
As you can see, there are different types of zero-day vulnerabilities, but one common example is a privilege escalation vulnerability. A privilege escalation vulnerability allows an attacker to elevate their privileges on a system or network to gain access to information they would not normally have. Some examples of privilege escalation vulnerabilities include:
- Exploiting memory corruption vulnerabilities in Windows to gain the ability to execute code on a system.
- Exploiting access-control bypass vulnerabilities in Microsoft Office 2010.
- Launching remote access tools through a vulnerability in the Remote Desktop Protocol on Windows systems with an integrated
How Can You Protect Yourself From A Zero-Day Vulnerability?
Zero-day vulnerabilities are hard to detect. Microsoft's recommendations for protecting your organization from Follina are:
- Turn on cloud-delivered protection if using Microsoft Defender Antivirus
- Disable the MSDT URL protocol
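The second recommendation can be scripted. The following PowerShell is an added example, not code from the original article or from Microsoft: it checks whether the ms-msdt URL protocol handler is registered, exports the key as a backup, then deletes it, following the reg export / reg delete workaround Microsoft published for Follina. The backup file location is an assumption; run it in an elevated PowerShell session.

```powershell
# Added example (not from the original article): check for and remove the
# ms-msdt URL protocol handler so a crafted document can no longer reach
# msdt.exe through it. Requires an elevated (Administrator) session.
# $BackupFile is an assumption; change it to suit your environment.
$KeyName    = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath    = "Registry::$KeyName"
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-backup.reg'

function Test-MsdtProtocolRegistered {
    # $true while the ms-msdt: URL scheme still has a handler registered.
    return (Test-Path -Path $KeyPath)
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocolRegistered)) {
        Write-Host 'ms-msdt protocol handler is not registered; nothing to do.'
        return
    }
    # Back up first so the handler can be restored later with
    # "reg import <file>" once a patch makes it safe to re-enable.
    & reg.exe export $KeyName $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupFile failed; key left in place" }
    & reg.exe delete $KeyName /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not delete $KeyName" }
    Write-Host "Removed ms-msdt handler; backup saved to $BackupFile"
}

Disable-MsdtProtocol
# Verify the workaround actually took effect.
if (Test-MsdtProtocolRegistered) {
    Write-Warning 'ms-msdt handler is still present; check permissions and rerun elevated.'
} else {
    Write-Host 'Verified: ms-msdt URL protocol is disabled.'
}
```

Once the patch for this vulnerability is installed, the handler can be restored from the backup with reg import if the diagnostic tool is needed again.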
Conclusion
The Microsoft Office zero-day security vulnerability is a critical vulnerability that Microsoft Office users need to be aware of, and they need to be careful when downloading Word attachments in emails from people they do not know.
The issue with zero-day exploits is that no patch is available to remove the problem, which makes them extremely dangerous.
This article explored Follina, what it is and how it works. Be diligent when opening Word attachments from email.