Microsoft Won't Say If It Will Patch Critical Windows Vulnerability Under Exploit
Freeman writes:
CERT Ukraine also said it was tracking exploits on targets in that country that use email to send a file titled "changes in wages with accruals.docx" to exploit Follina.
[...]
The simple act of the document appearing in the preview window, even while protected view is turned on, is enough to execute malicious scripts."It's more serious because it doesn't matter if macros are disabled and it can be invoked simply through preview," Jake Williams, director of cyber threat intelligence at the security firm Scythe, wrote in a text chat. "It's not zero-click like a 'just delivering it causes the exploit' but the user need not open the document."
Researchers developing an exploit module for the Metasploit hacking framework referred to this behavior as a low-interaction remote code execution. "I was able to test this using both the .docx and rtf formats," one of them wrote. "I was able to gain execution with the RTF file by just previewing the document in Explorer."
Read more of this story at SoylentNews.