May 31, 2022

Everything We Know About the New Microsoft Office Zero-Day Exploit

by: Align

On May 30, 2022, Microsoft released a security advisory (CVE-2022-30190) addressing a newly discovered zero-day Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability. This vulnerability came to light after an independent cybersecurity research team uncovered a Word document that was uploaded to VirusTotal from an IP address in Belarus. 

Read on for more info about the exploit as well as next steps. 

What does it do?  

According to Microsoft, “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

What is at risk?  

This bug affects all Windows versions, including Office, Office 2016, and Office 2021, and is reportedly already being exploited by malicious actors.

Nao Sec researchers have explained that the path to infection involves the malicious template loading an exploit via a hypertext markup language (HTML) file from a remote server.
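An added example, not from the original post, Microsoft, or Nao Sec: a triage check for the remote-loading step described above. It generalizes beyond templates, listing every external http(s) relationship in a document's OOXML `.rels` parts except click-only hyperlinks. The function names, the size cap, and the `example.invalid` sample targets are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
CLICK_ONLY = {"hyperlink"}      # followed only when the user clicks, so not reported
MAX_PART_SIZE = 1_000_000       # assumed cap; .rels parts are normally a few KB


def find_remote_references(docx_bytes):
    """Return (part, kind, target) for each external http(s) relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as package:
        for info in package.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART_SIZE:
                findings.append((info.filename, "oversized", ""))
                continue
            data = package.read(info)
            if b"<!DOCTYPE" in data:    # refuse DTDs instead of expanding entities
                findings.append((info.filename, "doctype", ""))
                continue
            try:
                root = ET.fromstring(data)
            except ET.ParseError:
                findings.append((info.filename, "unparseable", ""))
                continue
            for rel in root.iter(REL_TAG):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "").lower() == "external"
                remote = target.lower().startswith(("http://", "https://"))
                if external and remote and kind not in CLICK_ONLY:
                    findings.append((info.filename, kind, target))
    return findings


def build_sample(relationships):
    """Constructed input: a zip holding only word/_rels/document.xml.rels."""
    body = "".join(
        '<Relationship Id="rId%d" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/%s" Target="%s"%s/>'
        % (i, kind, target, ' TargetMode="External"' if ext else "")
        for i, (kind, target, ext) in enumerate(relationships, 1))
    xml = ('<Relationships xmlns="http://schemas.openxmlformats.org/'
           'package/2006/relationships">%s</Relationships>' % body)
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("word/_rels/document.xml.rels", xml)
    return buffer.getvalue()
```

A non-empty result is a reason to quarantine the file for analysis, not proof of malice: some legitimate documents reference remote templates.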

What are next steps? 

There is no patch available at this point, but Microsoft has provided a workaround: disabling the MSDT URL protocol, which prevents troubleshooters from being launched as links throughout the operating system. Microsoft lists the steps to disable the protocol here.

Customers with Microsoft Defender Antivirus should turn on cloud-delivered protection and automatic sample submission, which use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.  

How is Align Managed Services addressing the vulnerability? 

Both the Align Managed Services and Align Cybersecurity teams have analyzed the proposed workaround and will deploy it to all Align Managed Services clients.  

Additionally, we remind all users to be vigilant when opening emails and files or installing applications from untrusted sources. 

Do you have further cybersecurity concerns?  

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446). 
