On May 27, Microsoft disclosed a cybersecurity vulnerability in the Microsoft Support Diagnostic Tool (MSDT), a standard tool that operates within Windows. Cyberattackers can exploit this vulnerability using applications such as Microsoft Word. Because this vulnerability was previously unknown, no patch currently exists.
If a cyberattacker were to exploit this vulnerability, they could execute code that can lead to access to a user’s local machine, possibly allowing that attacker to compromise your network, steal or corrupt data, and install malware. The malicious code can run if a user opens a malicious Word document, even in preview mode. Threat intelligence reports indicate that cyberattackers are already looking for vulnerable applications to exploit.
The Good News
- Endpoint Detection and Response (EDR) can catch and kill the exploit.
- It appears that the vulnerability cannot be exploited through the latest versions of Microsoft Office.
- Mainstream email protection tools (such as Office 365’s Advanced Threat Protection) are also picking up attempts to exploit this vulnerability, detecting them as a virus and putting controls in place.
What You Can Do
Employees are at the front lines of these attacks and it’s always good to remind them of ways to spot—and avoid—phishing attacks.
- Question email messages and be skeptical. Assess the email subject line, sender’s email address, message, and look and feel of the email.
- Be VERY careful about attachments, links, and buttons—do not click or open anything unless you are 100% sure it came from a trusted source and you are expecting something from that person.
- Be careful if a Microsoft Word, Excel, or other common file requires you to download or enable something to open it.
- Be careful if the email is unusually enticing or urgent.
One of the best mitigations we have at our disposal right now for these kinds of situations is EDR. In a worst-case scenario of a cyberattacker exploiting this vulnerability, EDR can help detect suspicious behavior, isolate any infected devices, and prevent attackers from accessing your entire network.
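As an added illustration (not VC3's or any EDR vendor's code), the sketch below shows the kind of behavioral rule that lets endpoint tooling catch this exploit: an Office application starting msdt.exe as a child process. The event field names follow Sysmon process-creation logs, and the host names, parent-process list, and sample events are constructed assumptions.

```python
import ntpath  # parses Windows paths correctly on any OS

# Assumption: Office parents worth watching; tune this list for your environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
TARGET_CHILD = "msdt.exe"

# Constructed sample events, shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = [
    {"host": "WS-014",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\msdt.exe",
     "CommandLine": "msdt.exe <arguments elided>"},
    {"host": "WS-014",  # benign: Word starting the print helper
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe"},
    {"host": "WS-022",  # benign: user opened a troubleshooter from the desktop
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\msdt.exe",
     "CommandLine": "msdt.exe <arguments elided>"},
    {"host": "WS-031",  # different case in the logged path must still match
     "ParentImage": r"C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\EXCEL.EXE",
     "Image": r"C:\WINDOWS\SYSTEM32\MSDT.EXE",
     "CommandLine": "MSDT.EXE <arguments elided>"},
]


def is_office_spawned_msdt(event):
    """True when an Office application is the direct parent of msdt.exe."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    child = ntpath.basename(event.get("Image", "")).lower()
    return parent in OFFICE_PARENTS and child == TARGET_CHILD


def triage(events):
    """Map each host that needs isolation to the events that triggered it."""
    hits = {}
    for event in events:
        if is_office_spawned_msdt(event):
            hits.setdefault(event["host"], []).append(event)
    return hits


if __name__ == "__main__":
    for host, matched in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"ISOLATE {host}: {len(matched)} Office -> msdt.exe launch(es)")
```

Matching on the parent and child relationship rather than on the document itself is what lets the rule fire even when the file is new to antivirus signatures.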
VC3 continues to invest in tools and resources to minimize the risk of zero-day vulnerabilities impacting organizations. As cyber threats continue to evolve, we continue to work diligently to stay ahead of the cyberattackers and provide tools that are consistent with guidance from industry best practices.
If you have any questions about this vulnerability or want to talk about your cybersecurity needs in an ever-changing, ever-evolving environment, reach out to us through the form below.