Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.
A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in a remote Word template feature.
The warning comes from Japanese security vendor Nao Sec, which tweeted about the zero day over the weekend.
Noted security researcher Kevin Beaumont dubbed the vulnerability “Follina”, explaining that the zero-day code references the Italy-based area code of Follina – 0438.
Beaumont said the flaw is abusing the remote template feature in Microsoft Word and is not dependent on a typical macro-based exploit path, common within Office-based attacks. According to Nao Sec, a live sample of the bug was found in a Word document template and links to an internet protocol (IP) address in the Republic of Belarus.
It’s unclear if the zero-day bug has been actively leveraged by adversaries. There are unconfirmed reports that proof-of-concept code exists and more recent versions of Office are vulnerable to attack. Meanwhile, security researchers say users can follow Microsoft Attack Surface Reduction measures to mitigate risk, in lieu of a patch.
How Follina Works
Nao Sec researchers explain the path to