It was the end of May as a security researcher sounded the alarm about Follina, a security hole that utilizes multiple versions of Office and Windows diagnostic tools. On Tuesday, Microsoft released a patch against the vulnerability, which the company writes about in an update in its security guide and in a blog post.
Microsoft urges everyone to install the update for Windows as soon as possible.
At the same time, Ukraine’s cyber defense warns that the Russian hacker group Sandworm since April is believed to have used Follina to carry out cyber attacks, reports Bleeping Computer.
In the Russian attacks, the vulnerability is activated by a malicious docx document sent via e-mail entitled “List of links to interactive maps”. If the document is opened, Javascript code is executed which retrieves “2.txt” which should be the CrescentImp malware. It is currently unclear exactly what its functionality is.
According to Ukraine’s CAC, the hackers have sent out over 500 of these emails with malicious documents to various news companies in Ukraine.
Also read: New attacks on Microsoft Exchange server with the hostage program Blackcat
–