Detecting dangerous security holes on Microsoft Office

The newly discovered vulnerability is called Follina, named by Kevin Beaumont, one of the researchers who first discovered it. Although there is no official fix yet, Microsoft has come up with a workaround by disabling the Microsoft Support Diagnostic Tool (MSDT), which is the way hackers get into the attacked computer.

Affected files include .rtf and MS Word files. Follina relies on a Templates feature that allows a program to load and execute code from external sources in MS Word to get into a computer and then run a series of commands to open MSDT.

Under normal circumstances, MSDT is a secure tool that Microsoft uses to fix various problems for users. However, in this case, it also grants remote access to help hackers control your computer.

For .rtf files, Follina can run even without opening the file, as long as it’s viewed in File Explorer. After gaining control of the computer through MSDT, the hacker can download malware and do many other things.

To protect your computer from being attacked by hackers through Follina, users can apply the following measures while waiting for Microsoft to release an official fix.

First, check to see if your version of Microsoft Office may be affected. So far, security vulnerabilities have been found in Office 2013, 2016, 2019, 2021, Office Pro Plus, and Office 365. However, there is no word yet on whether older versions of Microsoft Office are secure or not. , so you should still take the additional steps below to protect your computer.

If possible, avoid using files with extensions like .doc, .docx and .rtf. Consider switching to cloud-based alternatives like Google Docs. Only accept and download files from proven 100% safe sources.

Last but not least, it’s to follow Microsoft’s instructions on how to disable MSDT. First open Command Prompt. Then run MSDT as administrator and enter some required entries.