Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
May 31, 2022
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190 , is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted. "To help protect customers, we've published CVE-2022-30190 and additional guidance here ," a Microsoft spokesperson told The Hacker News in an emailed statement. The Follina vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the "ms-msdt:" URI scheme. The sample was uploaded to VirusTotal from Belarus. But first signs of exploitation of the flaw...