Multiple Microsoft Office versions impacted by an actively exploited zero-day

A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses theĀ remote templateĀ feature to fetch an HTML and then uses the “ms-msdt” scheme to execute PowerShell … Continue reading Multiple Microsoft Office versions impacted by an actively exploited zero-day