Microsoft Office Zero-Day Vulnerability Abused To Execute PowerShell On May 27, 2022, a zero-day remote code execution bug in Microsoft Office was discovered by Nao_Sec (1) and dubbed “Follina” by researcher Kevin Beaumont. This vulnerability enables an unauthenticated person to gain persistent access and take control over a target system remotely by exploiting downloaded Microsoft Office files. Hackers can use it to execute malicious PowerShell commands through Microsoft Diagnostic Tool (MSDT) even if Office macros are disabled. “The document uses the Word remote template feature to retrieve an HTML file from a remote webserver, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell,” researcher Kevin Beaumont explained. “That should not be possible.” (2) On May 30, 2022, Microsoft issued CVE-2022-30190. Microsoft Office versions 2013, 2016, 2019, and 2021, as well as Professional Plus editions, are impacted. However, there is no patch available