ION Networks is keeping a close eye on the developing threat of a zero-click remote code execution technique that abuses the MSDT (Microsoft Diagnostics Tool) utility. This new attack vector enables hackers to more easily compromise users with malicious Microsoft Office documents, namely Microsoft Word documents.
All potentially affected ION-supported laptops and workstations have been updated with a mitigation for the ongoing threat and will be updated with a patch when one is available.
Throughout the next few days, we expect exploitation attempts in the wild through email-based delivery. Here is what we know so far:
This is a 0-day attack that sprang up out of nowhere, and there’s currently no patch available.
This 0-day features remote code execution, which means that once this code is detonated, threat actors can elevate their own privileges and potentially gain “god mode” access to the affected environment.
The mitigations that are available are messy workarounds whose impact the industry hasn’t had time to study.
Detonating this malicious code is as simple as opening up a Word doc, in preview mode.
It is vital that you and your employees are especially vigilant about opening any email attachments in the coming days.
If you would like to discuss your Cyber Security needs with us, please call us on 01842 890000 or visit our website for more details.