The high-profile Office 0-day vulnerability has already been used in attacks on Russia, Belarus and Tibet


On Monday, Microsoft published guidance for mitigating a zero-day vulnerability exploited through Microsoft Word documents that are already being used in attacks. A fix is not yet available, but the company has stated that the remote code execution vulnerability allows an attacker to “install programs, view, change and delete data or create new accounts”. The vulnerability, CVE-2022-30190, is located in the Microsoft Support Diagnostic Tool (MSDT) and is already being used by several government-backed hacking groups.

The problem was first discovered in a bachelor’s thesis in August 2020, but Microsoft reported it on April 21, 2022 after the head of the Shadow Chaser Group sent the company a document aimed at Russian users.

The problem resurfaced on May 27, when a Nao_sec researcher discovered a malicious Word document aimed at residents of Belarus. After that, Microsoft released a guide to fix the vulnerability.

According to Proofpoint, a hacker group sponsored by the Chinese government also used the 0-day vulnerability in attacks on the Tibetan Government in exile. The attackers posed as the “Women Empowerment Department” of the Central Tibetan Administration.

According to a statement from Huntress, the exploit “can be launched when previewing the downloaded file, which does not require any clicks (after downloading).” “This is a zero-day attack that came out of nowhere and there is currently no fix available for it. The mitigation measures available are convoluted workarounds whose impact the industry has not had time to study,” Huntress added.
