There’s a way for Word files to trigger remote code execution even if files are only previewed, experts warn.
Cybercriminals have found a new hole in Microsoft Word (opens in new tab) documents that allow them to distribute malware (opens in new tab), researchers are saying. Discovered by cybersecurity expert Kevin Beaumont, and dubbed “Follina”, the hole leverages a Windows utility called msdt. exe, designed to run different troubleshooter packs on Windows. According to the report, when the victim downloads the weaponized Word file, they don’t even need to run it, previewing it in Windows Explorer is enough for the tool to be abused (it has to be an RTF file, though). By abusing this utility, the attackers are able to tell the target endpoint to call an HTML file, from a remote URL. The attackers have chosen the xmlformats[.
