Microsoft confirms new zero-day code execution vulnerability in Office Software

Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

Microsoft has confirmed a zero-day flaw in its Office Software that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability has been tracked as CVE-2022-30190, with a CVSS severity score of 7.8 out of 10.

The vulnerability uses Word’s external link to load a HTML file and then exploits the Microsoft Support Diagnostics Tool to allow attackers to execute PowerShell code remotely on compromised devices.

The shortcoming came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document (“05-2022-0438.doc“) that was uploaded to VirusTotal from an IP address in Belarus.

In a standalone analysis, cybersecurity company Huntress Labs detailed the attack flow, noting the HTML file that triggers the exploit originated from a now-unreachable domain named “Xmlformats[.]com.” “A Rich Text Format file could trigger the invocation of this exploit with just the Preview Pane within Windows Explorer,” Huntress Labs’ John Hammond said.

“Much like CVE-2021-40444, this extends the severity of this threat by not just ‘single-click’ to exploit, but potentially with a ‘zero-click’ trigger.”

Multiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.

If you need assistance defending your system or wish to learn more about this incident, fill out the button below to speak to one of our cyber security consultants today.