Using Microsoft Office?
Do this: Block all Office applications from creating child processes in "Block mode" and remove the file type association for ms-msdt so Office won't be able to invoke the tool when opening a malicious document.
Why: A recently discovered Microsoft Office zero-day is being used to execute malicious PowerShell commands through the Microsoft Diagnostic Tool.
Additional Info: https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
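One way to apply both Office mitigations from an elevated PowerShell prompt, as an added example that is not taken from the linked article. It assumes Microsoft Defender Antivirus is the active antivirus (attack surface reduction rules depend on it), that the GUID shown is Defender's identifier for the "Block all Office applications from creating child processes" rule, and that C:\Backup is a placeholder backup folder.

```powershell
#Requires -RunAsAdministrator
# Added example: harden a workstation against Office -> ms-msdt abuse.
# Assumption: Microsoft Defender Antivirus is active; C:\Backup is a placeholder path.

# Defender ASR rule "Block all Office applications from creating child processes"
$RuleId     = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
$HandlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir  = 'C:\Backup'                          # placeholder, adjust as needed
$BackupFile = Join-Path $BackupDir 'ms-msdt.reg'

# 1. Put the rule in Block mode. Add-MpPreference appends to the existing
#    rule list, so other ASR rules already configured are left alone.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions Enabled

# 2. Export the ms-msdt protocol handler, then delete it. The key is only
#    deleted if the export succeeded, so the change can always be reverted.
if (Test-Path $HandlerKey) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup of ms-msdt failed; key left in place.' }
    reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
}

# 3. Verify the resulting state instead of trusting the commands above.
#    Action values reported by Defender: 0 = off, 1 = block, 2 = audit, 6 = warn.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToUpper() })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$idx     = [array]::IndexOf($ids, $RuleId)

[pscustomobject]@{
    AsrRuleInBlockMode   = ($idx -ge 0) -and ($actions[$idx] -eq 1)
    MsMsdtHandlerRemoved = -not (Test-Path $HandlerKey)
    BackupFile           = $BackupFile
}
```

Both boolean fields should read True afterwards. The handler can be restored later with reg.exe import and the exported file.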
Using Google Chrome and Chromium-based browsers?
Do this: Patch immediately.
Why: New details have recently emerged about a critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The vulnerability relates to a case of "use-after-free" in the instruction optimization component, which could allow an attacker to execute arbitrary code in the context of the browser if successfully exploited.
Additional Info: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html/
Using Zoom?
Do this: Patch immediately.
Why: A newly discovered vulnerability abuses parsing inconsistencies between the XML parsers in the Zoom client and server software. It can be used to smuggle arbitrary XMPP stanzas to the victim machine, forcing the victim client to connect to a malicious server, which can lead to a variety of attacks.
Additional Info: https://threatpost.com/zoom-patches-zero-click-rce-bug/179727/