IT News
74

CVE-2021-40444 : New Microsoft Office zero-day used in attacks to execute PowerShell






  31-May-2022 22:19:04



CVE-2021-40444 : New Microsoft Office zero-day used in attacks to execute PowerShell

Microsoft Office zero day found by accident

Last Friday, security researcher nao_sec found a malicious Word document submitted to the Virus Total scanning platform from an IP address in Belarus.

"I was hunting files on VirusTotal that exploited CVE-2021-40444. Then I found a file that abuses the ms-msdt scheme," nao_sec told BleepingComputer in a conversation.

"It uses Word's external link to load the HTML and then uses the ‘ms-msdt’ scheme to execute PowerShell code,” the researcher added in a tweet, posting a screenshot of the obfuscated code below:



https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/ 


DISCUSSION
Nothing comment here :(
Login for comment and discussion.
Login Here
Sponsored

Oppss... No sponsors yet

Popular Posts
Complete Basic Course in Kali...
Djie sam soe Djie sam soe
Linux
10414
2
Top

Gps Tracker Seccodeid Free Too...
Djie sam soe Djie sam soe
General
7260
167
Top

Free Proxy List
Sandidi Sandidi
Networking
3073
3
Top

Mass Reverse IP Unlimited
ImamWawe ImamWawe
Tools Hacking
2379
12
Top

Report McAfee Antivirus Hurrri...
Indrasp Indrasp
Windows
1710
93
Top

Related Post

Youtube Video

Subscribe