Zero-day vulnerability in Office fixed


Microsoft on Monday published a guide to fix a recently discovered zero-day vulnerability in the Office suite to improve performance, which can be used to execute code on the system. Vulnerability CVE-2022-30190 with a rating of 7.8 out of 10 affects Microsoft Office 2013, Office 2016, Office 2019 and Office 2021, as well as Professional Plus editions.

“To protect customers, we have published
Description of CVE-2022-30190 and additional safety recommendations”
, – said a Microsoft representative.

Last week, a cybersecurity researcher Nao_sec discovered a malicious Word document 05-2022-0438.doc , which was uploaded to VirusTotal by a user from Belarus. The document uses the remote template function to extract HTML, and then uses the “ms-msdt” schema to execute PowerShell code.

Earlier, Microsoft announced that Excel 4.0 (XLM) macros will now be disabled by default to protect users from malicious documents. Microsoft also warned that millions of Android system applications contain dangerous vulnerabilities.
Vulnerable pre-installed applications cannot be deleted or disabled.

Start a discussion …