One of the scariest news items to wake up to is that there is a ‘zero-day’ vulnerability in a common piece of software.
That means that the hacking community has found an opportunity to hack a bit of software and there is no update yet – ‘zero’ days to apply a fix. Even worse when the common piece of software is Microsoft Office!
That has been the case – code name ‘Follina’ – a Zero-day attack
Microsoft made us aware of it on the 31st NZ time (30th in the US – with this notice )
Basically, it means a hacker can trick Office to run code on your PC with all the permissions you have, potentially changing data or even creating or changing accounts. When a hack gets this amount of coverage, other hackers read it, and start putting effort into exploiting it as well, so it is urgent that we are across these risks and applying fixes as they come to hand.
Kinetics KARE clients can relax – We have your back
As you would expect we immediately swung into action. By the time I have finished writing this, we will have rolled out a workaround to all devices protected by KARE to prevent execution of this.
At the same time, we’re getting updates from antivirus vendors who are attempting to roll out the signatures to block this. It is also a great reason why KARE for Security is an effective solution – the more advanced xDR software that is included in KARE for Security incorporates a behavioural analysis capability that goes above and beyond standard AV signature detection and would have thwarted these particular risks anyway.
No matter what, don’t make it easy for them. Always make sure you know what files you are opening (don’t open random files from the internet!)