The flaw in question, tracked as CVE-2022-30190, has a severity rating of 7.8 on a scale of 10. Versions of Microsoft Office 2013, 2016 and 2019, as well as Professional Plus editions, are all affected. Microsoft explains that it discovered that one of the protocols in the suite, called MSDT, has been actively abused by hackers since the middle of April.
The flaw, also called Follina, usually involves a malicious Word document. The first examples of exploitation appear to be hacking attempts targeting Russian citizens. One of the example files mentioned by The Hacker News is a Word document titled in Russian: “приглашение на интервью.doc”. The malicious file attempts to pose as an interview request on behalf of Sputnik.
How to Protect Against the Latest Microsoft Office Suite Flaw
When opened, the file runs a series of arbitrary commands in the command prompt. The machine is then infected with malware. The problem with this flaw is that it relies on a protocol, MSDT, which the suite does not make easy to deactivate. Microsoft explains:
“A remote code execution vulnerability exists when MSDT is invoked via the URL protocol from a source application such as Word. A hacker who successfully exploits this flaw can execute arbitrary code with the same access privileges enjoyed by the application. The hacker can then install programs, view, change or delete data, or create new accounts in the context authorized by the user’s rights on the machine”.
Microsoft believes it has solved the problem – even if the firm has not issued any patch. In fact, Microsoft has updated the Microsoft Defender detection database and, at the same time, offers a walkthrough for completely blocking the MSDT functionality through the system registry. Beyond that, Microsoft engineers believe at this stage that the security mechanisms already in place prevent this type of exploit.
However, if you have particularly sensitive data on your machine and want to avoid the slightest risk, just follow these steps:
- Launch cmd or PowerShell with administrator rights
- Type: reg delete HKEY_CLASSES_ROOT\ms-msdt /f
- Press the Enter key
Note that it is advisable to first save the registry key in question by typing reg export HKEY_CLASSES_ROOT\ms-msdt followed by the desired file name. If you want to go back later, just type reg import followed by the filename of the backup – always in a command window with administrator rights.
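The backup, delete and verify steps above combined into one PowerShell script. This is an added example, not code from Microsoft or from the original article; the backup folder C:\RegBackup and the helper name Test-MsdtHandler are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, remove and verify the ms-msdt URL protocol handler.
$ErrorActionPreference = 'Stop'

$KeyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir  = 'C:\RegBackup'   # placeholder folder (assumption), change as needed
$BackupFile = Join-Path $BackupDir ("ms-msdt_{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

function Test-MsdtHandler {
    # Hypothetical helper: true while the ms-msdt handler key is still registered.
    Test-Path -LiteralPath "Registry::$KeyPath"
}

if (-not (Test-MsdtHandler)) {
    Write-Output "ms-msdt handler not present; nothing to do."
    return
}

# 1. Save the key first so the change can be reverted later.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
& reg.exe export $KeyPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
    throw "Backup failed; registry key left untouched."
}

# 2. Delete the handler, exactly as in the manual steps.
& reg.exe delete $KeyPath /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg delete failed (exit code $LASTEXITCODE)."
}

# 3. Confirm the handler is gone and show how to undo the change.
if (Test-MsdtHandler) {
    throw "ms-msdt key still present after delete."
}
Write-Output "ms-msdt handler removed. Backup saved to $BackupFile"
Write-Output "To restore: reg import `"$BackupFile`""
```

The script refuses to delete the key unless the export succeeded, so a failed backup never leaves the machine without a way back.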