Microsoft ‘zero day’ warning for BILLIONS after Office hacked by Chinese cyber-crooks – change your settings NOW

CHINESE hackers have been exploiting a new vulnerability in Microsoft Office – here's how to protect yourself.
A new zero-day flaw in Microsoft Office dubbed 'Follina' is being weaponized by China-backed threat actor TA413, The Hacker News reported.
"Zero-day" vulnerabilities are ones that have not yet been patched or fixed by software developers - meaning that they can be fully exploited by hackers and cybercriminals.
They often stem from previously unknown issues and are especially dangerous until coders can fix the problem.
Once a solution patch is written and used, the exploit is no longer called a zero-day exploit.
The Follina flaw - also tracked as CVE-2022-30190 (CVSS score: 7.8) - can be used to execute code on Windows systems, Microsoft warned in a recent .
Once successfully exploited, the attacker can then "install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights," the tech giant added.
Follina is found specifically in the Microsoft Support Diagnostic Tool (MSDT) and affects Microsoft Office versions 2013 through Office 2019, Office 2021, Office 365, and Office ProPlus, per .
Bad actors are using specially-crafted Office documents to trigger the exploit.
"TA413 CN APT spotted exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," security firm Proofpoint further said in a tweet.
"Campaigns impersonate the 'Women Empowerments Desk' of the Central Tibetan Administration and use the domain Tibet-gov.web[.]app."
The threat actor – or group – is known for targeting the Tibetan diaspora to "deliver implants such as Exile RAT and Sepulcher as well as a rogue Firefox browser extension dubbed FriarFox," according to The Hacker News.
How to protect yourself or your organization
While there is no official patch available right now, Microsoft has recommended users take precautions to mitigate their risk of being targeted.
First, users should disable the MSDT URL protocol to prevent the attack.
"Disabling MSDT URL protocol prevents troubleshooters being launched as links, including links throughout the operating system," Microsoft said.
To disable MSDT URL, first, run Command Prompt as Administrator.
Then back up the registry key by executing the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename".
Finally, execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
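The same steps as a PowerShell script, added here as an example and not taken from Microsoft's guidance or the original article: it checks that the handler exists, refuses to delete the key unless the backup was actually written, and confirms the key is gone afterwards. The backup folder and file name are assumptions chosen for the example.

```powershell
# Added example: back up and remove the ms-msdt URL protocol handler.
# Assumption: the backup folder and file name below are illustrative choices.
$key        = 'HKEY_CLASSES_ROOT\ms-msdt'
$backupDir  = Join-Path $env:ProgramData 'msdt-backup'
$backupFile = Join-Path $backupDir ('ms-msdt_{0:yyyyMMdd_HHmmss}.reg' -f (Get-Date))

# Editing HKEY_CLASSES_ROOT requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

# If the key is already absent, the mitigation is in place.
if (-not (Test-Path -LiteralPath "Registry::$key")) {
    Write-Output "$key is not present; the MSDT URL protocol is already disabled."
    return
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Step 1: export the key, then make sure a non-empty backup file exists.
& reg.exe export $key $backupFile /y | Out-Null
$backupOk = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $backupFile)
if ($backupOk) { $backupOk = (Get-Item -LiteralPath $backupFile).Length -gt 0 }
if (-not $backupOk) {
    throw "Backup of $key failed; the key was left untouched."
}

# Step 2: delete the key only after the backup has been verified.
& reg.exe delete $key /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg delete returned exit code $LASTEXITCODE; $key may still be present."
}

# Step 3: confirm the handler is really gone.
if (Test-Path -LiteralPath "Registry::$key") {
    throw "$key still exists after deletion."
}
Write-Output "Removed $key. Backup saved to $backupFile"
Write-Output "To restore the handler later: reg import `"$backupFile`""
```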
Microsoft also noted that users should run Microsoft Defender Antivirus if they have it.
Defender turns on cloud-delivered protection and automatic sample submission, which can quickly identify and stop new and unknown threats.
Furthermore, some experts have advised that users turn off the Preview Pane in File Explorer.
To do this, open File Explorer > click on View Tab > tap on Preview Pane to view or hide it.