Hackers Can Take Control Of Your PC Through Microsoft Office: How To Avoid It? | #microsoft | #hacking | #cybersecurity


A new hacking campaign is taking advantage of a Microsoft Office vulnerability. Independent research group “nao_sex” has identified a new zero-day vulnerability, implying that neither Microsoft nor any anti-virus vendors were aware of this exploit.

Using an infected Microsoft Word document, hackers can execute a code through a vulnerability called “Follina.” If you’ve opened a malicious Word document in recent times, you could also be infected with Follina.

Unsplash

The dangers of Follina

While Word documents are mistakenly considered benign, this new exploit can give Follina the ability to give commands for automated tasks. Building on it, hackers can install and delete programmes, view and modify data, and also may be able to create new accounts through access to personal information.

 Which versions are affected? According to the Tokyo-based research group, Microsoft Office 2013 and 2021 are vulnerable to Follina attacks. Even licenced versions of Microsoft 365 on Windows 10 and 11 aren’t safe.

Representational Image/PexelsRepresentational Image/Pexels

Also read: Hackers Can Now Hijack Your Accounts Even Before You Create Them: Here’s How

The threat has since been acknowledged by Microsoft, but the bad news is that there is no patch to wade off Follina on Microsoft Word. To help users cope with potential data loss to Follina, Microsoft has meted out a set of guidelines to cope.

Hackers Can Take Control Of Your PC Through Microsoft Office: How To Avoid It?Windows Report

What you can do

For starters, if you’re worried about the vulnerability, simply disable the Microsoft Support Diagnostics Tool (MSDT) URL protocol. In Microsoft’s words:

  1. 1. Run Command Prompt as Administrator.
  2. 2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOTms-msdt filename“
  3. 3. Execute the command “reg delete HKEY_CLASSES_ROOTms-msdt /f”.

Also read: How Hackers Are Beating Multi-Factor Authentication Simply By ‘Annoying’ Users

When the threat passes, you may also undo this. Again, in Microsoft’s words:

  1. 1. Run Command Prompt as Administrator.
  2. 2. To restore the registry key, execute the command “reg import filename”

You can read Microsoft’s blog post on the vulnerability here.

Do you think any part of the internet is safe from hackers at this point? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com





Original Source link

Leave a Reply

Your email address will not be published.

nine + one =