Remote code execution (RCE) attacks allow an attacker to remotely execute malicious code on a computer. What is the risk in Remote Code Execution (RCE)? ![]() ![]() Office 2013, 2016, 2019, 2021, and some versions of Office included with a Microsoft 365 license are subject to this vulnerability on both Windows 10 and Windows 11. The vulnerability, now dubbed “follina” sees a word document using a remote template feature to retrieve an HTML File from a remote server, and by using an ms-msdt MSProtocol URI scheme can execute a PowerShell. On May 30th researchers revealed a zero-day vulnerability in Microsoft Office that if exploited by using a malicious word document, might enable code execution on a victim’s machine.
0 Comments
Leave a Reply. |