Top
image credit: Adobe Stock

Researchers discover zero-day Microsoft vulnerability in Office

May 31, 2022

Malicious actors are using a previously undisclosed zero-day, zero-click vulnerability in Microsoft Office to execute PowerShell commands without user interaction, according to security researchers.

The vulnerability – discovered by security researcher nao_sec on 27 May and later dubbed CVE-2022-30190 by Microsoft – leverages the Microsoft Diagnostic Tool (MSDT), which is used to execute the PowerShell code after calling a HTML file from a remote URL.

Read More on Computer Weekly