A recent analysis by cybersecurity researchers has brought to light a zero-day exploit in Microsoft Office that can be used for code execution in Windows environments. Nao_sec, an independent cybersecurity research team, has uncovered this vulnerability by uploading a Word document (“05-2022-0438.doc”) to VirusTotal from an IP address in Belarus.
Named after the Italian commune, Follina, this vulnerability is considered a high-risk threat since it does not require macros to be enabled. “All that’s required for the exploit to take effect is for a user to open and view the Word document, or to view a preview of the document using the Windows Explorer Preview Pane. Since the latter does not require Word to launch fully, this effectively becomes a zero-click attack”, Nikolas Cemerikic of Immersive Labs said.
Security researcher Kevin Beaumont tweeted that the vulnerability uses “Word’s external link to load the HTML and then uses the ‘ms-msdt’ scheme to execute PowerShell code”. “The maldoc leverages Word’s remote template feature to fetch an HTML file from a server, which then makes use of the ‘ms-msdt://’ URI scheme to run the malicious payload”, he added.
With this vulnerability, malicious users can have Microsoft Word execute code via the Microsoft Support Diagnostic Tool (MSDT), a utility typically used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem. Furthermore, Protected View does not seem to provide any real protection. When the document type is changed to RTF, the code runs, even without opening the document.
Bad actors are already on the move. An advanced persistent threat (APT) actor originating from China has executed code on affected systems using URLs to carry ZIP archives that include Word documents, enterprise security firm Proofpoint stated in a tweet.
Affected systems include Office, Office 2016, and Office 2021. Other versions are likely to be at risk as well. Office Professional Pro with April 2022 patches running on an up-to-date Windows 11 machine has been shown to execute this code when the preview pane is enabled.
It is worth noting that the MSDT utility cannot execute payloads without a passkey, which is typically possessed by support technicians only. This may explain why Microsoft does not consider this vulnerability a security threat. Nevertheless, admins are advised to turn off the Preview Pane in File Explorer and disable the MSDT URL protocol to prevent the attack vector, at least for the time being.
A secure email system is essential to maintaining a good reputation as well as protecting your business’s livelihood, especially if you send or receive confidential information via email on a regular basis. Here are seven ways to boost your company’s email security so that your critical business communications don’t end up in the wrong hands.
1) Create Strong Passwords
Creating strong passwords is one of your best bets against hackers who attempt phishing attacks and ransomware. Phishing is a fraudulent email designed to steal information, while ransomware encrypts files or programs on your computer until you pay a ransom fee. Always create strong passwords using random strings of numbers, symbols, and upper-and-lowercase letters that are at least 14 characters long. Use different passwords for each account, and change them every three months. Never write down your password in an obvious place—such as on a sticky note attached to your monitor—as it could be easily stolen by someone else. If you’re ever unsure about whether an email is legitimate, contact customer service directly; never click any links in emails from unknown senders.
2) Set Up Two-Factor Authentication
For a small business, one of your biggest vulnerabilities is email. Email is a vector that hackers use to gain access to larger networks and eventually your entire network of systems. Two-factor authentication (2FA) can protect you from these types of attacks and even prevent ransomware from infecting your devices. Before you set up 2FA, ensure that any essential services (like payroll) have failover protection in place so that you don’t lose key information if hackers cripple your system.
3) Encrypt Sensitive Data
When it comes to sensitive data, there are a few things that you can do in order to keep your business safe from phishing scams. If a scammer is trying to get information from your business, they’ll often ask for credit card or banking details—information which should never be provided by email. Credit card numbers, social security numbers and any other data that might be used by someone who isn’t an employee at your company should always be encrypted when it’s being transmitted via email.
4) Use a Password Manager
A single weak password can be devastating, opening you up to phishing scams and other attacks. Utilize a password manager such as LastPass or 1Password or an SSO solution such as OneLogin and create strong passwords that are unique for each site you visit. With a password manager, you only need one good password that unlocks everything else.
5) Limit Auto Logins
All companies that offer some form of email protection—whether it’s a webmail system or an external service—also limit auto-login opportunities and reinforce two-factor authentication (or other forms of security verification) when they do provide login access. In most cases, you don’t want your employees logging in to their accounts without reason; it should only be done for emergencies, not for those quick checks on current sales numbers.
6) Backup Data Regularly
A good rule of thumb is to keep two or three backup copies of your data in different places. These backups could be on an external hard drive, in a cloud storage account like Dropbox or Google Drive, and even on another computer at home or in a remote location. If you use a web-based email provider, back up your emails by exporting them and storing them locally.
7) Monitor Connections
If you use an Internet connection that isn’t your own, like at a library or cybercafe, it’s important to monitor connections. Hackers often take advantage of unsecured connections and can trick your browser into connecting to dangerous sites. If you aren’t certain what kind of system is in place at a particular cybercafe, bring along antivirus software and keep it running throughout your time online.
We Can Help
At NetResults, we can help small businesses boost their email security with a comprehensive suite of tools that not only combat phishing attacks but also prevent them from even happening in the first place. Give us a call. nrtg.net