The Zero-Day ‘Follina’ Vulnerability Exposes Older Microsoft Office Versions to Attack

43
The Zero-Day __39;Follina__39; Vulnerability Exposes Older Microsoft Office Versions to Attack

Through a hole in the remote Word template capability, a zero-day vulnerability in Microsoft Office allows attackers to launch malicious malware on targeted devices.

The warning comes from Nao Sec, a Japanese security firm that tweeted about the zero day over the weekend. Kevin Beaumont, a well-known security researcher, dubbed the flaw “Follina,” saying that the zero-day number refers to the Follina – 0438 area code in Italy. It’s unknown whether adversaries have actively exploited the zero-day vulnerability.

Proof-of-concept code exists, according to unsubstantiated claims, and more current versions of Office are vulnerable to attack. Meanwhile, security experts suggest that in the absence of a patch, users can decrease risk by following Microsoft’s Attack Surface Reduction guidelines.

Read More: https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/