Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 07 June 2022 / Published in Woo on Tech

Still no update to address Office Vulnerability

Warning!

We are now well into week two of a significant vulnerability in all versions of Microsoft Office which allows attackers to use the preview function of Office apps to execute malicious code on Windows PCs. Though Microsoft finally admitted to it being a problem in their CVE posting last Tuesday after knowing about it since early April, they have yet to actually issue any updates to fix the problem. For the moment, we still only have a single way to mitigate this problem, by manually removing Office’s ability to use the app that contains the vulnerability.

What this means for you

What’s unnerving about this lack of urgency on Microsoft’s part is that this vulnerability – dubbed Follina – isn’t obscure or hard to exploit. It’s in the wild now, as reported and cross confirmed by several security firms, including Proofpoint (whose services we use to protect our clients). At the moment, it’s not clear when (or if!) Microsoft will address this weakness. The danger of Follina is in its ability to be exploited covertly to exfiltrate data. Microsoft Office is pretty much a fixture of every business and government entity on the planet, and the fix is not something your average office worker is going to be able to apply, nor confirm that it is in fact effective. Typical virus protection may not detect an attacker exploiting Follina as the attackers can use existing apps and protocols built into Windows to do their exfiltration, and once they have a better understanding of what access and data their compromised machine contains, they can focus their efforts on establishing additional footholds from within, whether in an attempt to ransomware a company, exfiltrate valuable information, or undermine a governmental organization. For now, all we can do is hope that Microsoft realizes how bad of a problem they have on their hands and actually issue a fix. In the meantime, you can contact C2 to make sure the interim fix gets applied to your Windows workstations, as well as ensuring your critical data is backed up in the event you are attacked.

  • Tweet

What you can read next

Windows 10
Windows 10 will be free for 7 and 8 users
Driverless Pizza Delivery? Yes, please!
Biohazard Warning
The pathology and etymology of Malware

2 Comments to “ Still no update to address Office Vulnerability”

  1. BBarry says :Reply
    June 12, 2022 at 8:43 am

    Im using Carbonite to back up. should I consider something else?

    Barry Charles

    1. Christopher Woo says :Reply
      June 21, 2022 at 5:24 pm

      Carbonite is a solid platform.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Social Media monetizes our need to be social

    Part of our occasional series “The Elepha...
  • Freemail accounts will be hacked

    Most of you know that I do not recommend using ...
  • LastPass Breach is bad news for everyone

    Late in the year, just in time for the holidays...
  • 2023 – Approach with Caution

    Traditionally I like my year-end messages to be...
  • Privacy sign

    Popular tax apps leaked your data to Facebook

    While it shouldn’t come as a surprise to any of...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP