Overnight I received notification from our Security Operations Center that they have seen hackers using a new bug in Microsoft Office to infect computers. This is important because this bug is entirely new as of 31st May 2022 and currently has no fix from Microsoft.
The bug is called "Follina" and has been observed affecting Microsoft Word documents, but other Microsoft Office apps are likely to have the bug as well. Unlike many other bugs, hackers can infect you with this one almost just by sending you the file. Specifically, if you have preview mode turned on in Outlook or Windows Explorer and you click on the file at all, you can be infected. Once your computer is infected, anti-virus will not usually do anything (kind of like how once I pass all of the checkpoints at an airport, no one really stops me again after that).
At present, there are a few things that can be done to reduce the risk of being hacked through this bug:
1. If you receive an email with an unexpected Word or Excel document, then I suggest not clicking on the attachment AT ALL, not even inside Outlook. If you think you might actually need the attachment, then I suggest giving the sender a phone call to make sure they actually meant to send it to you. Otherwise, delete the email.
2. If you are on a standard IT management plan with us, then we have made some changes to your Windows 10 PC configuration to block some parts of this bug (if your PC is offline, then we will do this when we next see it online). When an update from Microsoft comes through, we will also be looking to send that to your PC.
3. If you have our Cyber Office Protection plan with us, then in addition to the above, your devices are also on a watchlist for our Security Operations Center (SOC) to catch anything that slips through.
If you are interested in the technical mumbo-jumbo, you can see the raw brief from our SOC team here: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug?utm_content=209757087