New Microsoft Office Code Execution Vulnerability Follina Is Spotted in the Wild

A new zero-day vulnerability in Microsoft Office and Windows has been recently discovered in the wild, targeting Russian users and companies by sending malicious documents to the target. The document uses the Word remote template feature to retrieve an HTML file from a remote server, which abuses the msdt support tool to download and execute PowerShell even if macros are disabled. According to security researchers, the flaw can be exploited by using .RTF files of all versions of Office 365. Read more...