PARIS, June 6 (Benin News / EP) –
Microsoft works at a patch with which fix the vulnerability which allows remote access and code execution with a malicious Word file using the Microsoft Diagnostics Tool (MSDT).
The technology company has acknowledged and identified as CVE-2022-30190 the vulnerability that uses a Word document to open the door to the execution of malicious code.
Specifically, the vulnerability, identified as zero-day at the end of May and present in Microsoft Office, allowed the execution of PowerShell commands with the MSDT tool, bypass Windows Defender detection and even with macros disabled.
On the vulnerability’s page, Microsoft notes that “An attacker who successfully exploits this vulnerability can execute arbitrary code with the privileges of the calling application. The attacker can then install programs, view, modify or delete data, or create new accounts. in the context authorized by the user’s rights”.
In the text of the vulnerability log, the company acknowledges that. is exploited and that already working on a solution which will be distributed with a future update.