A zero-day vulnerability in Microsoft Office lets attackers run malware on targeted devices through a flaw in the remote Word template feature.
The warning comes from Nao Sec, a Japanese security firm that tweeted about the zero-day over the weekend. Kevin Beaumont, a well-known security researcher, dubbed the flaw “Follina,” saying the number in the zero-day refers to 0438, the area code for Follina in Italy. It’s unknown whether adversaries have actively exploited the zero-day vulnerability.
Proof-of-concept code exists, according to unsubstantiated claims, and more recent versions of Office are vulnerable to attack. Meanwhile, security experts suggest that, in the absence of a patch, users can reduce risk by following Microsoft’s Attack Surface Reduction guidelines.