Be extra careful with MS Office documents
A security hole has been discovered in Windows which allows hackers to bypass protection measures by configuring a malicious MS Office document (Word, Excel, etc.) and tricking you into opening it. Microsoft has not yet fixed the vulnerability, so we need to be extra vigilant about receiving Word and/or Excel documents from suspicious sources.
Please read the full article for more details.
We need to be extra careful when downloading and/or receiving MS Office documents for the foreseeable future.
What is the vulnerability?
There is a problem with the Microsoft Windows Support Diagnostic Tool (MSDT), which allows specially designed URLs in MS Office documents to be accepted and commands to be run with admin privileges.
How can the vulnerability be exploited?
An Attacker could create a malicious MS Word document and email it to you as an attachment. If you click on the attachment (not just the email), the infected file sends a command to the MSDT, and the command is executed with admin privileges. This could do practically anything on your computer, including destroying data, installing malware, etc.
What do I need to do?
Be extra vigilante about MS Office documents you receive. If you are not completely confident about the sender and are expecting such a document from them, do *not* open the attachment. If you are unsure, click the Phish Alert Button in Outlook (if you have one), or forward the email to HDF (firstname.lastname@example.org) with a message that you are unsure about the email.
How can I identify an email with a malicious attachment?
In this case, emails have come in with subject lines like “Urgently check the contract, signing tomorrow morning”, or “Here’s the document you requested”. But these can change at any time. You should be wary of *any* emails with links or attachments.
How is this different than my normal vigilance?
This attack has been seen in the wild and is occurring now. You should always be careful about attachments from suspicious sources, but you should be even more careful at this time.
When will this be resolved?
Microsoft is working on a patch. We don’t know when it will be available.
Is this the same as Follina?
Yes. This vulnerability has also been called Follina.
If you have questions about this, please let us know and we will be happy to assist you.