What is this about?
A severe vulnerability has been identified in MS Office applications. This vulnerability, called Follina, can cause malicious code – i.e., malware – to run on a device with Microsoft Office 365. Specifically, when you open a malicious document in MS Word, a file is downloaded that launches this code using a built-in Microsoft tool.
This vulnerability is especially dangerous because code execution does not require any permission. In the case of RTF documents, the code launches as soon as the document is previewed in File Explorer. The vulnerability has been confirmed in all versions of MS Office from 2013 to 2021, MS Office Pro Plus, and MS Office 365. It is actively exploited, mainly through MS Word documents.
What to do?
Microsoft has released MS Office updates in recent days in which the Follina vulnerability has already been fixed. Therefore, the Cyber Security Team of Masaryk University strongly recommends urgently installing this update on devices outside the Central Administration of Masaryk University, where the new measure has already been applied. In the MU environment, MS Office 365 is usually updated automatically. However, we recommend that you double-check it. Alternatively, you can carry out the update manually as follows:
- start one of the Microsoft Office programs, for example, MS Word,
- go to the File tab in the upper left corner,
- switch to the Account tab in the lower-left corner,
- in the Product Information section, click the Update Options button, and select Update from the pop-up menu.
Updates for traditional MS Office packages (2013, 2016, 2019 and 2021) are installed via Windows Update. However, you need to have updates enabled for other Microsoft products, which you can check or enable as follows:
- open the Settings application,
- go to the Update & security section, where you will be on the Windows Update tab,
- go to the Advanced Settings menu (last at the bottom),
- check whether the first setting – Receive updates for other Microsoft products when you update Windows – is turned on, and turn it on if it is not.
If you become a victim of this threat, do not hesitate to report it! How to recognize it? Several types of malware can infect your computer through this vulnerability; therefore, the signs can differ. But it is always better to report than not to report! You can help others as well.
The Follina vulnerability shows us that we can't always avert a cyber security attack through vigilant behavior. However, we recommend that you do not neglect prevention on your devices and that you follow the activities of the Cybersecurity Team of Masaryk University, which warns you of current threats.