
Warning: new security holes in Windows open the way for hacker attacks

Android devices are typically the ones most affected by hackers. Attacks on Windows systems, however, are a perennial, as the warning about two dangerous vulnerabilities has just shown.

There seems to be no respite in computer security, not even for users of Windows computers, who have recently had to deal with two dangerous vulnerabilities that are decidedly attractive to hackers.

The first, brought to general attention by debunker Paolo Attivissimo during his usual weekly podcast for Swiss radio, is the vulnerability CVE-2022-30190, named “Follina” by the security expert Kevin Beaumont, who found evidence of it in a specially crafted Word document called 05-2022-0438.doc, whose last digits recall the telephone area code of the town in the province of Treviso.

The vulnerability in question appears to have been used since April, when some Word documents were circulating that offered fake interviews for the Russian press agency Sputnik. There were then other, more “down to earth” episodes of its use, such as documents that claimed to reveal marital infidelity, complete with photos and a promise of blackmail and/or revenge. What matters is that, regardless of the episodes, the Follina vulnerability involves all recent versions of Office and is particularly frightening because it works even if the user does not enable macros, the usual vehicle for the propagation of similar attacks, and even if the user simply displays a preview of the document in File Explorer (formerly Windows Explorer).

At the moment, Microsoft has not yet corrected the problem. To protect against it, it is possible to modify some Windows registry keys, following a procedure illustrated by the software house Sophos (nakedsecurity.sophos.com/2022/05/31/mysterious-follina-zero-day-hole-in-office-what-to-do/), and to rely on a good, up-to-date antivirus, since recent software protection solutions are able to recognize and neutralize the Office documents created to exploit “Follina”.

Something similar was also reported on Twitter by the ethical (good) hackers of hackerfantastic.crypto. In this case it is a zero-day vulnerability that would affect the Windows “search-ms” URI search protocol: clicking on some Office 2019 documents, but also on RTF (rich text format) documents, would open a search window that would launch some infected executables, giving the attacker control of the victim’s computer.

In this case, too, there is no Microsoft fix, and the solution is do-it-yourself. Specifically, from the command prompt (cmd, run as administrator), first type “reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg” to save the registry key, which is then temporarily deleted with “reg delete HKEY_CLASSES_ROOT\search-ms /f”.
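
The same workaround as a PowerShell script that refuses to delete the key unless the backup was actually written, and that can put the key back once a fix is available. This is an added example, not code from the article or from Microsoft; the script parameters and the backup location under the user profile are assumptions. Save it as a .ps1 file and run it from an elevated prompt with -Action Disable or -Action Restore.

```powershell
# Added example: back up, remove and later restore the search-ms protocol handler.
param(
    [ValidateSet('Status', 'Disable', 'Restore')]
    [string]$Action = 'Status',
    # Assumed backup location; the article saves search-ms.reg in the current directory.
    [string]$BackupFile = (Join-Path $env:USERPROFILE 'search-ms.reg')
)

$Key = 'HKEY_CLASSES_ROOT\search-ms'
$KeyExists = Test-Path -LiteralPath "Registry::$Key"

switch ($Action) {
    'Status' {
        if ($KeyExists) { "search-ms handler is registered (workaround not applied)." }
        else { "search-ms handler is absent (workaround applied)." }
    }
    'Disable' {
        if (-not $KeyExists) { "Nothing to do: $Key is already absent."; break }
        # Never overwrite an earlier backup: it may be the only good copy of the key.
        if (Test-Path -LiteralPath $BackupFile) {
            throw "Backup $BackupFile already exists; move it before exporting again."
        }
        reg export $Key $BackupFile | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
            throw "Export failed; the key was NOT deleted."
        }
        reg delete $Key /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Delete failed; run from an elevated prompt." }
        "Deleted $Key; backup saved to $BackupFile."
    }
    'Restore' {
        if (-not (Test-Path -LiteralPath $BackupFile)) { throw "No backup at $BackupFile." }
        # reg import reports on stderr even on success, so rely on the exit code.
        reg import $BackupFile 2>&1 | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Import failed; run from an elevated prompt." }
        "Restored $Key from $BackupFile."
    }
}
```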
