Currently set to Index
Currently set to Follow
Thought Leadership

Microsoft Word Security Warning 5.31.22

Microsoft word security warning

A Microsoft word security warning is circulating that describes how bad actors are using it as a new way of executing mailcoud PowerShell on devices. There is currently no fix from Microsoft.

Announced May 27th, this document uses a word template feature to retrieve an HTML file from a remote server, which uses the ms-msdt MSProtocol URI scheme to load some code and execute some Powershell.

This happens as soon as the document is loaded, even if macros are disabled. It can even run using the preview features of explorer.

The good news is that antivirus vendors are adding signatures for these files and many can detect it, but only if your antivirus is up to date as of May 30, 2022.

You are advised to not open or preview documents attached to unsolicited emails, or unexpected documents received in an email. If you are unsure, you can submit the document to http://www.virustotal.com for analysis without opening the document with Word.

Here is a reference article if interested: https://www.securityweek.com/document-exploiting-new-microsoft-office-zero-day-seen-wild

Regards,

Daniel Weatherly
Director of Security Services
501-801-6706

  • Industry

  • Category

  • Regulation

  • Solution

Little Rock, AR | Conway, AR | Bentonville, AR

325 West Capitol Ave., Suite 200
Little Rock, AR 72201

Central Arkansas 501.801.6700

Northwest Arkansas 479.439.5700

Toll Free 1.800.550.2052

Mainstream Technologies, Inc., Information Technology Services, Little Rock, AR
© Copyright 2022. Mainstream Technologies, Inc. All Rights Reserved. Privacy Policy | Sitemap