Microsoft Confirms ‘Follina’ Office Zero-Day Vulnerability


As the Chief Information Security Officer for Warwick, it is my job to make you aware of important security events.

A new zero-day vulnerability that may impact you has been discovered. As an IT Managed Service Provider, we published this post to provide details on how this vulnerability may affect you and what has been done to mitigate any impact.

What is a Zero-Day Vulnerability?

A zero-day vulnerability is a weakness in software that has been discovered by a hacker but is still unknown to the developer. It’s called “zero-day” because once a hacker detects the vulnerability, the software vendor – in this case, Microsoft – essentially has “zero time” to patch it before it’s exploited.

Who is Follina?

Follina is the name given to a new Microsoft Office zero-day vulnerability. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.

This is the most undetectable threat we’ve seen to date. A malicious actor can use a simple email to gain access to your IT environment and devices. This exploit can be easily disguised in a Microsoft Word document or Rich Text Format (RTF) file that doesn’t even need to be opened. Here are some more details:

“The vulnerability leverages Office functionality to download an HTML file, which exploits the MSDT to let attackers execute code remotely on compromised devices. To make matters worse, Follina works without elevated privileges, can bypass Windows Defender detection, and doesn’t need macro code enabled to run scripts or execute binaries.”

Email-based attacks are the biggest security threat facing businesses today. Attackers introduce billions of new phishing emails every single day.

What Should be Done?

Yesterday, Warwick disabled the Microsoft Support Diagnostic Tool (MSDT) on your devices, as recommended by Microsoft (see “Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation,” thehackernews.com). Warwick will continue to monitor Microsoft for any additional guidance and action. When a patch is available, Warwick will also deploy it to your environment.
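
One way to confirm on a device that the workaround is in place, as an added example (not Warwick's or Microsoft's own script). It assumes the workaround was applied by deleting the `ms-msdt` URL protocol handler key under HKEY_CLASSES_ROOT; the function name `Get-MsdtProtocolStatus` is hypothetical.

```powershell
# Added example: audit whether the ms-msdt URL protocol handler is still registered.
# Assumption: the workaround removed the HKEY_CLASSES_ROOT\ms-msdt key.
# Run elevated so that other users' loaded hives are readable.
function Get-MsdtProtocolStatus {
    [CmdletBinding()]
    param()

    # HKEY_CLASSES_ROOT is a merged view of the machine hive and the per-user
    # classes hives, so check the machine key and every loaded user hive.
    $candidates = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ms-msdt')
    $candidates += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*_Classes' } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\ms-msdt" }

    foreach ($path in $candidates) {
        $present = Test-Path -LiteralPath $path -ErrorAction SilentlyContinue
        $command = $null
        if ($present) {
            # The default value of shell\open\command shows what the handler would launch.
            $cmdKey = "$path\shell\open\command"
            if (Test-Path -LiteralPath $cmdKey) {
                $command = (Get-Item -LiteralPath $cmdKey).GetValue('')
            }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            KeyPath  = $path -replace '^Registry::', ''
            Present  = $present
            Command  = $command
        }
    }
}

$results = @(Get-MsdtProtocolStatus)
$results | Format-Table -AutoSize
if ($results.Present -contains $true) {
    Write-Warning 'The ms-msdt protocol handler is still registered on this device.'
}
```

A row with `Present` set to `True` means the handler key exists in that hive and the workaround is not in effect for it.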

We recommend that you remind all employees to view emails with a critical eye, particularly when they contain attachments. You can contact Warwick regarding any email that looks suspicious.

A Strong Security Posture is Critical

Every business is fighting to keep malware and phishing attacks from succeeding. These attacks are an entry point into today’s digital infrastructure that, unless recognized and remediated, can cause business disruptions or worse. A strong security posture requires striking a balance between effective tools, skilled monitoring, and a trained, cyber-aware staff.

Partnering with Warwick means you are harnessing a layered and mature security approach that not only makes it hard for an attack to be successful but also ensures there is already a plan in place to minimize damage and keep your business running. While cyber threats are constant and becoming more sophisticated, Warwick is here to make navigating the right response and defense measures easy.

Have questions? Schedule time with your Account Manager or contact us today.