Computers can be controlled by hackers at any time-Information Technology
Hackers can take over your computer through the Microsoft Word application.
A new zero-day vulnerability exists in Microsoft Office capable of allowing hackers to take control of a computer, even they can enter without the victim opening the infected document file.
Discovered by a team of researchers, including Kevin Beaumont, and he named the vulnerability Follina. The vulnerability was first announced on May 27 through a Twitter post, although Microsoft is said to have learned about Follina in early April.
Currently, no “special treatment” patch has been released, but there is a workaround provided by Microsoft, advising users to temporarily disable the Microsoft Support Diagnostic Tool (MSDT), this is where hackers exploit to infiltrate the attacked computer.
This exploit mainly affects .rtf format document files, but other Microsoft Word file formats may also be affected. In Microsoft Word there is a feature called Templates, which allows loading and executing code from external sources. Follina relies on this to hack the computer and then run a series of commands to open MSDT.
Under normal circumstances, MSDT is a safety tool that Microsoft uses to deal with various problems for Windows users. But in this case, it also grants remote access to the victim’s computer, giving the exploiter control over it.
The attack method of the Follina vulnerability via MS Word.
In the case of .rtf files, the exploit can execute even without opening the file, as long as it is viewed in File Explorer that Follina can be activated. After an attacker gains control of the computer through MSDT, they can download malware or do many other things that harm the victim.
What should users do until Microsoft patch the vulnerability?
First, check to see if your desktop version of Microsoft Office is in the process. So far, the vulnerability has been found in Office 2013, 2016, 2019, 2021, Office ProPlus and Office 365 versions. However, there is no word yet on whether older versions of Microsoft Office are secure. safe or not, so taking extra protection steps is a must.
If it is possible to avoid using .doc, .docx and .rtf files at this time, it is not a bad idea. Consider switching to cloud-based alternatives like Google Docs and only accept and download files from trusted sources.
Last but not least, disable MSDT for your Windows operating system, how to:
Launch Command Prompt (cmd) as administrator.
The first thing to do is to back up the Registry key related to MSDT, by entering the command line reg export HKEY_CLASSES_ROOTms-msdt backupmsdt and pressing Enter.
Next run the command line reg delete HKEY_CLASSES_ROOTms-msdt /f and press Enter.
Later, when Microsoft has patched the vulnerability, restore the MSDT feature with the command line reg import backupmsdt using a cmd window as administrator.
According to Bach Ngan (Vietnamese people)
at Blogtuan.info – Source: 24h.com.vn – Read the original article here