Microsoft has released guidance for an emerging zero-day vulnerability, dubbed “Follina, that allows remote code execution in Office products, triggered by opening malicious Office documents.
The vulnerability has been proved in Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365. Bad actors may try and deceive victims into opening documents using email attachments, social media links, file downloads, or other creative delivery methods.
There is no need to panic! This vulnerability makes it easier for hackers to gain access to your network, however, malicious documents are a common attack strategy so vigilant users can defend against these unpredictable threats.
WHAT TO DO:
- You will likely need to update your endpoints once a security patch is available.
- Make sure you’re running the most current version of antivirus software. (Braver will take care of this for our clients.)
- Caution your users to be extra vigilant when receiving/opening attachments (particularly Microsoft Office documents) and clicking links.
- If you are interested in learning more about this, give our office a call.
The Braver Technology team will continue to actively monitor the ongoing situation and have established a preventive posture with our partners. We will provide additional information with email communications to clients as it becomes available.