New Microsoft Office zero day – poses a threat to all businesses

A newly discovered Microsoft Word vulnerability could allow attackers easy access to networks

Share This Post

As of 30th May 2022, a number of cyber security firms and researchers reported a new ‘zero day’ in Microsoft Word, dubbed ‘Follina’.

(A zero day is a previously unknown vulnerability that can bypass existing cyber capabilities – with defenders playing catch-up to devise ways to stop it.)

The So-What

The new zero day could enable an attacker to gain remote code execution access to a network without any clicks from an unsuspecting user.

This means an email could be sent to one of your users with a malicious Microsoft Word document attached that contained Follina. Even if the user only hovers over the document, it could cause the malicious file to execute, granting access to your network.

Some technical details

This zero day is still new on the scene, so not all technical details are known. Security researcher Kevin Beaumont has reported it works against Office 2013 and 2016 and potentially newer versions of Office, such as Office 2019.

Due to the lack of information about this vulnerability, it should be assumed that any version of Office is potentially exploitable.

Mitigation

Cyber tools such as Microsoft Defender for Endpoint will no doubt be updated very quickly to detect and block this threat.

As the full details are not known, we strongly reccomend that all users are advised to be particularly cautious about opening any incoming emails with Microsoft Word documents attached to them.

External links for further information

Request a call back from team 2tela

Fill in your details and we'll be in touch

More To Explore

Threats & Exploits

Cyber operations during conflict and war

Middle East tensions significantly increased following the UK designated terrorist group Hamas attacked Israel on 7th October. Cyber operations are increasing and is a growing threat to UK businesses.

Do You Want To Boost Your Business?

drop us a line and keep in touch

Please Login

First timer?

Learn how we help give businesses peace of mind and security

Fill in the form and we'll be in touch.