HIGH CYBER SECURITY ALERT: Microsoft Office Vulnerability

Bleeping Computer reports that “Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office vulnerability – a zero-day flaw – abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by the Shadow Chaser Group” (Bleeping Computer, 2022).

The vulnerability allows a Microsoft Word document to execute code through MSDT even if macros are disabled (TechTarget, 2022).  

Microsoft Office’s Protected View and Application Guard would block the vulnerability, but various researchers found this was not the case if threat actors targeted previews of malicious documents in Windows Explorer. Therefore, it is also advised to disable the Preview pane in Windows Explorer to also remove this attack vector. The first attacks exploiting this zero-day bug began over a month ago using invitations to Sputnik Radio interviews and sextortion threats as lures. (Bleeping Computer, 2022)

What You Can Do

If you are a Managed Services customer, we have taken already run a script that disables this Microsoft Office vulnerability attack mechanism for you.

If you are not a Managed Services customer, you can change this registry setting on all of your PCs using these instructions:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center.