Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled

Infosec researchers have identified a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software.

Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12). It uses Office functionality to retrieve an HTML file, which in turn makes use of the Microsoft Support Diagnostic Tool (MSDT) to run some code.

Worse, it will work in Microsoft Word even when macros are disabled.

Source: The Register