Zero-Day Vulnerability in MS Word
A recently disclosed zero-day vulnerability, tracked as CVE-2022-30190 and nicknamed Follina, allows a malicious Word document to run code on the victim's machine even when Word macros are disabled. The document uses Office's ability to load a remote template to fetch an HTML file from an attacker-controlled server; script in that file invokes the ms-msdt: URL protocol, which launches the Microsoft Support Diagnostic Tool (MSDT) with a crafted parameter that MSDT then executes. With the RTF variant of the lure, Explorer's preview pane is enough to trigger it, so the user does not even have to open the file. Known samples run in the security context of the user who opened or previewed the document, but that foothold can be combined with the usual privilege escalation techniques to go further.
No patch is available at this writing. Microsoft's recommended workarounds are to enable the Defender Attack Surface Reduction (ASR) rule "Block all Office applications from creating child processes", which stops Word from spawning msdt.exe, and to disable the ms-msdt URL protocol handler by deleting the HKEY_CLASSES_ROOT\ms-msdt registry key (export it first so it can be restored) so that links using that scheme no longer launch MSDT. Note that ms-msdt is a URL protocol, not a file type association, and removing it also stops legitimate troubleshooters launched through such links from starting until the key is put back.
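The following PowerShell, an added example rather than anything from the original brief or from Microsoft, applies the two workarounds above and verifies each one took effect. It assumes an elevated session on a machine running Microsoft Defender Antivirus with real-time protection, a backup path of our own choosing, and the published GUID for the "Block all Office applications from creating child processes" ASR rule.

```powershell
# Added example: apply and verify the two Follina workarounds. Run elevated.
# Assumptions: $Backup is an arbitrary path chosen here; the GUID is the
# published ID of the ASR rule "Block all Office applications from creating
# child processes"; Defender AV with real-time protection is the active AV.

$Backup = Join-Path $env:ProgramData 'ms-msdt-backup.reg'   # assumed path
$AsrOfficeChildProcs = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
$MsdtKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Disable-MsdtProtocol {
    # Export the key first so the handler can be restored with `reg import`.
    if (Test-Path $MsdtKey) {
        reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $Backup /y | Out-Null
        reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    }
    # Verify: the protocol handler must be gone for ms-msdt: links to be inert.
    return -not (Test-Path $MsdtKey)
}

function Restore-MsdtProtocol {
    # Undo: re-import the exported key once a patch has been applied.
    if (Test-Path $Backup) { reg.exe import $Backup | Out-Null }
    return (Test-Path $MsdtKey)
}

function Enable-OfficeChildProcessBlock {
    # Mode 'Enabled' blocks; use 'AuditMode' first if add-ins spawn processes.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrOfficeChildProcs `
                     -AttackSurfaceReductionRules_Actions Enabled
    # Verify: read the rule back. Action values: 0 Disabled, 1 Enabled (block),
    # 2 Audit, 6 Warn.
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        if ($pref.AttackSurfaceReductionRules_Ids[$i] -ieq $AsrOfficeChildProcs) {
            return ($pref.AttackSurfaceReductionRules_Actions[$i] -eq 1)
        }
    }
    return $false
}

# Usage
if (-not (Disable-MsdtProtocol))          { Write-Warning 'ms-msdt handler still present' }
if (-not (Enable-OfficeChildProcessBlock)) { Write-Warning 'ASR rule not in block mode' }
```

Roll the ASR rule out in audit mode first and review the Defender event log for blocked child processes before switching to block mode, since macro-driven workflows and some add-ins legitimately spawn processes from Office. Keep the exported .reg file: once the vendor fix ships, Restore-MsdtProtocol returns the troubleshooter links to normal.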