Microsoft Office Has A Vulnerability That Chinese Hackers Are Exploiting

by Shivdeep Dhaliwal, Benzinga Editor
June 2, 2022 2:39 AM | 2 min read | Make a Comment
Zinger Key Points
  • Purported Chinese group exploiting vulnerability in Microsoft Word
  • The vulnerability dubbed Follina was used to target Tibetan dissidents

Hackers purportedly linked to the Chinese government are exploiting a recently discovered vulnerability in Microsoft Corporation’s MSFT Office.

What Happened: A tweet by cybersecurity platform Proofpoint named a hacker group labeled “TA413” using the vulnerability to deliver Zip Archives containing Word documents that use the technique. 

“​​Campaigns impersonate the "Women Empowerments Desk" of the Central Tibetan Administration and use the domain tibet-gov.web[.]app,” said Proofpoint.

See Also: How To Buy Microsoft (MSFT) Shares

Why It Matters: The Dharamsala, India-based Central Tibetan Administration and other Tibetan dissidents were previously targeted by TA413, according to a Proofpoint blog post dating back to September 2020.

The latest vulnerability in Word came to light on May 27 after security group Nao Sec posted a sample of the malicious code submitted from Belarus. 

The vulnerability was dubbed Follina, after a town in Italy by cybersecurity researcher Kevin Beaumont.

Beaumont penned a blog post over the weekend and said the vulnerability lets a malicious Word file retrieve HTML files from a remote webserver and then execute PowerShell commands by hijacking the Microsoft Support Diagnostic Tool — a program meant to collect information on problems affecting Microsoft’s apps. 

Importantly, the vulnerability can be exploited despite macros being disabled in Word, according to Beaumont.

Beaumont said he could not get the vulnerability to work on the Insider and Current versions of Office, which suggests Microsoft tried to fix this vulnerability without documenting it. This supposedly took place around May 2022.

“The vulnerability has been proved in Office 2013, 2016, 2019, 2021, Office ProPlus and Office 365” and appears exploitable using .RTF files on all versions of Office 365, wrote Beaumont.

Price Action: On Wednesday, Microsoft shares closed 0.2% higher at $272.42 in the regular session and fell 0.3% in the after-hours trading, according to data from Benzinga Pro.

Read Next: Sick Of Losing Your Apple TV Remote? This $40 Accessory Can Help You

 

Market News and Data brought to you by Benzinga APIs

© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Posted In: NewsTechChinaConsumer TechhackersKevin BeaumontMicrosoft Word
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!