Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events Acronis #CyberFit Summit 2021 Avaya Newsroom Experiences That Matter Cisco Partner Summit Digital 2020 Cloudera Newsroom 2022 Intel Partner Connect 2021

Huntress CEO: Microsoft Zero-Day Vulnerability Ranks As A ‘7 Or 8’ Threat

Channel players and customers need to caution employees not to open suspicious attachments, says Kyle Hanslovan

Microsoft’s confirmation of a zero-day vulnerability impacting Microsoft Office may not be the worst cyberthreat to emerge over the past year or so.

But Kyle Hanslovan, the CEO of MSP threat researcher Huntress, says he considers ‘Follina,’ as the Microsoft zero day vulnerability is now being called, a serious enough threat to immediately implement a suggested temporary fix and to warn employees not to open suspicious email attachments.

“This is going to allow hackers to get into your computer more easily if you open a document from somebody untrusted,” he said in an interview with CRN. “Even worse, they’re sometimes using people’s legitimate emails that they’ve already hacked to send an email that looks more trusted. That makes it even harder to identify.”

[RELATED STORY: Microsoft Confirms ‘Follina’ Office Zero Day Vulnerability]

Asked how he’d rate the Microsoft zero-day threat on a scale of one to 10, with 10 being most severe, Hanslovan said: “I’d say we’re probably between a 7 or 8. Others might classify it as critical, which they would call a 10 out of 10. But the reason why I’m giving that lower score is (because) there’s always an email threat out there.”

In a way, the zero-day vulnerability in Microsoft Office, which allows hackers to run shady code on systems via a flaw in a remote Word template feature, is almost a throwback threat, Hanslovan suggested.

“For the last 20 years, we’ve regurgitated the same news cycles: There’s a vulnerability, a hacker can use it to get into your computer, and when they get into your computer they’re going to take your data and hold your data hostage for ransom.”

News of the zero-day vulnerability in Microsoft Office first surfaced over the weekend, when Japanese security vender Nao Sec warned of the threat in a tweet.

Among others, Huntress over the holiday weekend issued a “rapid response,” warning that there was no patch yet for the vulnerability and urging people to be “extra vigilant when opening up any attachments, particularly Word documents.”

By Monday, Microsoft confirmed the problem in a blog post, warning of potential dangers, offering extra guidance and urging MSPs and IT administrators to disable Microsoft Diagnostics Tool (MSDT) URL protocol.

In addition, Microsoft advised customers with Microsoft Defender Antivirus to turn-on cloud-delivered protection and automatic sample submission.

As of Monday afternoon, Microsoft had not produced a patch yet, referring inquiries to its previous blog announcements.

Huntress’s Hanslovan said it’s important that channel players and customers follow Microsoft’s technical guidance on how to block to the vulnerability until a patch is developed.

“The only small-writing caveat is that by doing this you’re losing some functionality,” he said. “For instance, if you have some application that you didn’t know uses this functionality, you may hinder some productivity.”

Hanslovan added it’s important that people also communicate with employees about suspicious attachments.

“Communicate clearly to others that, yes, there is a heightened threat and that you need to be extra vigilant when you’re interacting with any sort of trusted or untrusted file,” he said.

He said it’s particularly important to communicate with non-tech personnel about the cyber-dangers posed by the zero-day vulnerability.

“The people getting attacked by this are often like the finance person opening up an invoice that says ‘remit payment,’” said Hanslovan.


Back to Top



    trending stories

    sponsored resources