New Zero-Day Vulnerability in Malicious Microsoft Office Documents

6/3/2022 @ 8:40am

This is a follow-up to our security bulletin on Tuesday regarding a Zero-Day vulnerability that allows an attacker to craft malicious Microsoft Office documents to launch attacks on systems.

As of this writing, Microsoft has not yet published a security patch that properly addresses this vulnerability.  When such a patch is released, designDATA will execute our Zero-Day patch deployment process and deploy that patch promptly to all client systems we manage.

In the interim, Microsoft has published a technical workaround that disables a portion of Microsoft Windows that is used by this exploit (specifically, being able to launch the Microsoft Support Diagnostic Tool through an obscure URL protocol).  Implementing this workaround involves changing the Windows registry and will prevent the exploit from being able to run.

 designDATA has tested this workaround and has not observed any side effects that may impact your systems.  We have also developed and tested the scripting necessary to deploy this workaround to all of all of our clients’ Windows computers.  Due to the high risk presented by this vulnerability, designDATA will be rolling out this workaround script to all applicable computers that we manage on Friday, June 3rd.

No actions are required by you or your staff.  Any computers powered off during the day on June 3rd will get the workaround when they next come online and connect to the Internet.

designDATA will continue to work with Microsoft and our industry partners to mitigate the risk from this vulnerability and will deploy the security update that permanently fixes this vulnerability once it is published by Microsoft.  If you have any questions about this vulnerability, the workaround, or designDATA security bulletins in general, please reach out to your Client Technology Manager, Program Manager, or Technical Account Manager at designDATA. 

Thank you.

5/31/2022 @ 12:15pm

In the last 24 hours, news reports and communication from Microsoft has emerged regarding a new Zero-Day threat involving malicious Microsoft Office Documents.  A Zero-Day threat is one in which no security patch yet exists.  There are major concerns in the Cybersecurity community that this Zero-Day threat will be immediately exploited by criminals to install malware, deploy ransomware, or create backdoors into systems they can then exploit in the future.

This particular threat involves using a specifically-crafted, malicious Microsoft Office document (such as a Microsoft Word file, Microsoft PowerPoint file, or Microsoft Excel file) to launch the attack.  The attack begins when a user opens the malicious Microsoft Office document, and there may not be any indication the attack has commenced.  designDATA encourages all of our customers to review this notice and to share it with all of their staff:

What You and Your Staff Can Do To Protect Yourselves:
Do not open Microsoft Office files from untrusted or unsolicited sources, particularly as part of an email attachment or email link.  This includes otherwise-normal business processes, such as avoiding opening an attached Word document sent to jobs@yourorganization.org claiming to be a Resume, or an email with a link to download an Excel document claiming to be a new invoice from a new vendor.  Give additional scrutiny to any Microsoft Office documents received from previously-unknown senders.

Consider alternate ways to send and receive information to outside parties other than through Microsoft Office documents.  Safer ways include sending the information in the body of an email, in a PDF file, or even a screenshot.

What designDATA is Doing to Protect Your Staff:
As soon as Microsoft releases a security update for this vulnerability, designDATA will immediately work to deploy this to your computers following our Zero-Day patching procedure.  These deployments begin within 24 hours of the new update being released.  designDATA is reviewing public information and communicating with our security partners and Microsoft to better understand this vulnerability and to recommend any additional technical controls or awareness training we can make available to your staff.

If you have questions about this vulnerability, please contact your designDATA Program Manager, Client Technology Manager, or Technical Account Manager.

Talk With Our Productivity Expert

Microsoft Forms Blog Post

  • This field is for validation purposes and should be left unchanged.