Skip to content

Caution: Crypto holders with Windows face a new critical MS vulnerability

Caution: Crypto holders with Windows face a new critical MS vulnerability

Cybersecurity researchers have revealed a zero-day vulnerability dubbed Follina in Microsoft Office that can affect a computer using malicious Word documents.

In a Twitter thread, anti-phishing extension provider Wallet Guard stated that the vulnerability could enable malicious actors to take charge of the victim’s computer without opening the file. 

Additionally, the exploit is not complicated and cannot be detected by anti-virus. 

“This exploit is a mountain of exploits stacked on top of each other. However, it is unfortunately easy to re-create and cannot be detected by anti-virus,” Wallet Guard said. 

How Follina impacts computer 

The attack manifests itself by using the Microsoft Office documents to open a Microsoft Diagnostics Tool (MSDT) file handler. Attackers might leverage phishing or social engineering to get users to open an attached file and gain access to the victim’s entire system from this point. 

In response to the vulnerability, Microsoft had earlier published guidance alongside a security update under CVE-2022-30190. In a blog post, Microsoft acknowledged attackers could use the vulnerability to successfully install programs, view, change or delete data or create new accounts. 

Users leveraging the Microsoft Cloud-Delivered Protection Service have a high chance of remaining safe; however, the researchers recommended disabling the MSDT URL Protocol as a workaround to prevent troubleshooters from launching as links. 

To stay safe, Wallet Guard also suggested that Microsoft Defender’s Attack Surface Reduction (ASR) users can activate the “Block all Office Applications from creating child processes” option into “Block mode.” 

The researchers warned against blindly downloading .doc, .docx, and .rtf files but instead utilize PDF documents and other options like Google documents. 

Additionally, the threat was acknowledged by the United States government through the Cybersecurity and Infrastructure Security Agency (CISA). 

The vulnerability’s detection comes after a recent report revealed that in 2021, total Microsoft malware dropped by 5% to 1,212 from 2020’s figure of 1,268. 

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in 70+ cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. eToro USA LLC does not offer CFDs, only real Crypto assets available. Don’t invest unless you’re prepared to lose all the money you invest.

Read Next:

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Disclaimer: The information on this website is for general informational and educational purposes only and does not constitute financial, legal, tax, or investment advice. This site does not make any financial promotions, and all content is strictly informational. By using this site, you agree to our full disclaimer and terms of use. For more information, please read our complete Global Disclaimer.