Cybersecurity expert, Kevin Beaumont, has warned Microsoft Office users about a scam that uses a hole in a Microsoft Word. The scam, dubbed “Follina”, involves cybercriminals leveraging a Windows utility called msdt.exe to cause victims to download a malware-loaded Word file. The malware could allow attackers to run arbitrary code, install programs, change or delete data, or create new accounts. Microsoft has issued workaround guidance here.
“What impresses us most is their ability to convey the issue whilst avoiding the technical jargon that those outside of IT really don’t understand.”
- Jason Honey -