How Hackers Take Control Once They Open a Word File

Une faille dans Word permet d’infecter un ordinateur avec un simple document. © Pexels, Pixabay

You might be interested too


[EN VIDÉO] How to add checkboxes in Word?
Discover how to create checkboxes in Word using this new tutorial from Future. © Future

Almost everyone has heard by now that macros are dangerous Microsoft Word. After all, the software blocks them by default and displays a warning banner. However, this is not the only way to use the software Infect a computer. On TwitterUser @nao_sec shared malicious code found In a document Word.

This code uses a flaw called Folina. It’s classified as “Zero-Day”, in other words, by pirates already exploited and not updated (Microsoft has “zero days” to release a patch). തിരnao_sec While searching for documents with another flaw, the virus accidentally noticed a suspicious code on the site. An Internet user based in Belarus submitted a suspicious document to the site that will check if it was detected by various antiviruses.

A code hidden in base 64

The code software’s remote template feature is used to load an HTML file from. The waiter. This then redirects the device Diagnosis From Microsoft Support (MSDT) for uploading a file and executing PowerShell commands. This, even if Macros Disabled. Used the same technology as the author of the code On some websites To hide problematic commands: they are converted to base 64 and decoded in runtime.

Since the second file is not available, researchers do not know the exact purpose of the author. However, from the moment it is controlled to run PowerShell commands, it has the potential to take full control of the computer and attack other machines. Local network.

See also  Create a GoPay, Telkomsel cooperative mobile game ...

Folina is particularly problematic. By default, Word .docx files are opened in protected view. The code is only executed when the user clicks on “Enable Update”. However, if it is in .rtf format, this protection is not active. Also, in this case, you just need to select the code to execute it without opening it in File Explorer.

An overview of how Folina works in the updated version of Office 2021. © Diier Stevens

In April, Microsoft already rejected a report

The code works on all versions Microsoft Office At least since 2013, with all updates, including Office 2021. Indications are that the problem was reported earlier Microsoft In April the Shadow Chaser Group, a group of students pursuing differences. A man named John Microsoft Security Response Center (MSRC), satisfied that it was not A Security issue, The submitted sample does not work on his computer. Microsoft seems to have changed its mind since the company registered an error on May 30 under reference CVE-2022-30190.

Currently, there is no easy way to protect yourself from this attack. While waiting for an update, the most common solution is to edit the registry to prevent the diagnostic tool from launching in Word. To do this, we need to create value Enable diagnostics Inn HKLM \ Software \ Policies \ Microsoft \ Windows \ ScriptedDiagnostics Put .

But beware, this solution is reserved for advanced users. An error in updating the registry will cause the system to crash and prevent the computer from starting.

Find ours Online subscriptions Browse without ads! At this moment, the Mag Futura offers For a 3 month subscription to the “I Future Life Participation” subscription!

What is Mag Futura?

  • Our first paper journal with over 200 pages to make science accessible to as many people as possible
  • A dive into the heart of the 4 science themes that mark 2022 from Earth to the Moon

* Mag Future will be sent out after the third month of registration.

Interested in what you just read?

Written By
More from Josh Atkinson
Why You Should Consider Eco-friendly Phone Cases
Across the globe, there are billions of cell phone users with phone...
Read More
Leave a comment

Your email address will not be published.