CERT Ukraine also said it was tracking exploits on targets in that country that use email to send a file titled "changes in wages with accruals.docx" to exploit Follina.
[...]
The simple act of the document appearing in the preview window, even while protected view is turned on, is enough to execute malicious scripts."It's more serious because it doesn't matter if macros are disabled and it can be invoked simply through preview," Jake Williams, director of cyber threat intelligence at the security firm Scythe, wrote in a text chat. "It's not zero-click like a 'just delivering it causes the exploit' but the user need not open the document."
Researchers developing an exploit module for the Metasploit hacking framework referred to this behavior as a low-interaction remote code execution. "I was able to test this using both the .docx and rtf formats," one of them wrote. "I was able to gain execution with the RTF file by just previewing the document in Explorer."
(Score: 5, Touché) by canopic jug on Friday June 10 2022, @08:49AM (2 children)
"Microsoft Won't Say If It Even Can Patch Critical Windows Vulnerability Under Exploit"
There. Fixed that for you.
Money is not free speech. Elections should not be auctions.
(Score: 3, Interesting) by Ingar on Friday June 10 2022, @10:02AM
"Microsoft won't say if the CIA allows it to patch critical Windows vulnerability under exploit in Ukraine"
There. Debugged that for you.
(Score: 2) by Opportunist on Friday June 10 2022, @11:21AM
Fixing that vulnerability is fairly straightforward, it just poses one crucial problem: It would nearly certainly break telemetry.
And we can't have that, screw your security.
(Score: 0) by Anonymous Coward on Friday June 10 2022, @08:49AM (1 child)
Security through obscurity?
Or more
"You'll see it when it's fixed... or not... we don't care to tell"?
(Score: 2) by Opportunist on Friday June 10 2022, @11:17AM
The MS delivery date: "It's gonna be here when it's here, dammit!"
(Score: 3, Insightful) by Booga1 on Friday June 10 2022, @11:05AM (3 children)
Is there anything preview system coders can't screw up? I generally hate automatic previews of things, mostly because this type of issue has affected so many different applications over the years.
Automatic previews are also wasteful of bandwidth when the program trundles off to fetch some website I never even intended to visit. Unfortunately the rest of the world seems to like it, no matter how many times we get hit with these problems.
(Score: 1, Informative) by Anonymous Coward on Friday June 10 2022, @11:49AM
I'm not sure if people care. If it is there, they use it, and if it is not, they don't think about it. It comes off to me like if you are test driving a car and the salesperson says "and look, the cup holders are larger than normal to accommodate those larger insulated coffee cups" and I think "oh, that's nice," but it certainly wouldn't have been on my list of requirements I had going in to look at cars.
(Score: 3, Interesting) by Common Joe on Monday June 13 2022, @03:27AM (1 child)
In my job, I've seen a bug for several months. With certain Excel files (but not all), having the Windows Explorer preview pane turned on causes both Windows Explorer and Excel (if it's already open) to freeze. You have to kill the right Windows Explorer in Task Manager to free it up (or reboot the computer). Before this, I didn't even know Windows Explorer had a preview pane. I haven't had time to figure out what functionality is used in Excel to cause this and report it. My solution is simply to turn off the preview pane in Windows Explorer. I don't know why users like the preview stuff so much. Personally, I can't stand the auto preview stuff in Outlook for security reasons, but every time a new outlook folder is created, the preview is turned on by default. /rant
(Score: 0) by Anonymous Coward on Tuesday June 14 2022, @06:36AM
We had a similar bug. To reproduce I believe you need formulas that depending on recalculation-specific data (TODAY, RAND, INFO, etc.), a large number or complex formulas such that they reach a high enough wall time, (and maybe collaboration set to a value I don't remember or recalculation/autosave in Excel turned up for it to be affected). This seems to cause a recalculation loop in Explorer for some reason (bad timeout? repeated atime change? writing calculated formulas?) and then that seems to trigger Excel to act funny (repeated lock/unlock by Explorer? collaboration change detection? recalculation?).
FYI: your other problem can be fixed globally by using Ribbon -> View -> Current View -> Change View.
(Score: 2, Insightful) by Anonymous Coward on Friday June 10 2022, @12:29PM
you are a fool.
Ya I know, you think you need them for the software they provide.
Well that excuse is getting really thin now.
Cut the wart out now or let it grow.
Find alternatives and dump the mother fuckers like we all need to start soing with Google.
(Score: 0) by Anonymous Coward on Friday June 10 2022, @04:59PM (1 child)
If I'm reading it correctly this exploit requires a chain of vulnerabilities in different parts of MS Windows, and those different parts are handled by different departments within the company. Microsoft is famously at war with itself so it looks like the problem is figuring out which of the at-fault departments has to take the blame and make the fix. Under those circumstances it shouldn't be surprising that nobody at MS wants to deal with it.
(Score: 2) by driverless on Friday June 10 2022, @09:43PM
Alternatively, to break the chain yourself, fire up RegEdit and delete HKEY_CLASSES_ROOT\ms-msdt and all subkeys.