Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.

The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus.

It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code," the researchers noted.

"There's a lot going on here, but the first problem is Microsoft Word is executing the code via msdt (a support tool) even if macros are disabled," Beaumont explained.

"Protected View does kick in, although if you change the document to RTF form, it runs without even opening the document (via the preview tab in Explorer) let alone Protected View," the researcher added.

According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "ms-msdt://" URI scheme to run the malicious payload.

MSDT is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.

Multiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.

The information contained in this website is for general information purposes only. The information is gathered from TheHackerNews, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.