A vulnerability in Microsoft could allow an attack by an e-mail attachment

The vulnerability could allow commands to be executed remotely using Microsoft Word documents.

The vulnerability has already been exploited. Adobe Stock / AOP

Cyber ​​Security Center warn A zero-day vulnerability exists in the Microsoft Support Diagnostic Tool that could allow an attacker to remotely execute a maliciously crafted Word document.

– A document preview in Microsoft Explorer or the opening of a document that contains malicious code is sufficient to exploit the vulnerability. Microsoft’s “Protected View” and “Application Guard” protect against vulnerabilities, the Cyber ​​Security Center says.

In practice, an attacker can access the victim’s machine if it has preview attachments enabled.

It is assumed that criminals are trying to take advantage of the vulnerability and also approach Finns with scam messages that contain contaminated attachments.

According to the Cyber ​​Security Center, exploitation of the vulnerability has been identified and no permanent fix is ​​yet available. Therefore, special care should be taken with documents obtained from unreliable sources.

This is how everyone should now deal with cyber attacks IL-TV

ttn-54