The vulnerability could allow commands to be executed remotely using Microsoft Word documents.
The Cyber Security Center warns that a zero-day vulnerability in the Microsoft Support Diagnostic Tool could allow an attacker to execute commands remotely by means of a maliciously crafted Word document.
– A document preview in Microsoft Explorer or the opening of a document that contains malicious code is sufficient to exploit the vulnerability. Microsoft’s “Protected View” and “Application Guard” protect against vulnerabilities, the Cyber Security Center says.
In practice, an attacker can gain access to the victim's machine if attachment preview is enabled on it.
It is assumed that criminals are trying to take advantage of the vulnerability and are also approaching Finns with scam messages that contain malicious attachments.
According to the Cyber Security Center, exploitation of the vulnerability has been observed and no permanent fix is available yet. Special care should therefore be taken with documents obtained from unreliable sources.