SafeBreach Labs claims to have discovered a Windows bug that a macro script can exploit to gain unauthorised access to the PC. Microsoft has not yet released a patch to defend against this vulnerability. The exploit has been investigated and appears to have been used in a targeted attack against an organisation, using a malicious Word document, sent as an email attachment, that runs an embedded macro.
This once again raises the issue of embedded macros in documents and the security implications that arise from their use. Every file that is received as an email attachment should be treated with suspicion until it is proved to be safe. Furthermore, best practice is always to reply “No” if asked whether to allow a macro to run.
Action: Ensure that macros are disabled. Remain vigilant regarding any files that are received via email.
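One way to triage email attachments for embedded macros before they reach a user, as an added example (not code from SafeBreach, Microsoft or this advisory). The function names and sample files are constructed for illustration; it assumes that macro-enabled OOXML documents carry a `vbaProject.bin` part and that legacy binary Office files begin with the OLE compound-file signature.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def macro_status(data: bytes) -> str:
    """Classify an attachment: 'macro', 'legacy-ole', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry VBA; confirming it needs an OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a plain ZIP archive, not an OOXML package
    # OOXML stores the VBA project as a vbaProject.bin part (word/, xl/, ppt/).
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro"
    return "no-macro"

def constructed_ooxml(with_macro: bool) -> bytes:
    """Build a minimal, constructed OOXML-like package for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()

def triage(attachments: dict) -> dict:
    """Map filename -> verdict, flagging content that contradicts the extension."""
    out = {}
    for name, data in attachments.items():
        status = macro_status(data)
        ext = name.lower().rsplit(".", 1)[-1]
        # The extension claims a macro-free format but a VBA part is present.
        if status == "macro" and ext in ("docx", "xlsx", "pptx"):
            status = "macro-mislabelled"
        out[name] = status
    return out

if __name__ == "__main__":
    demo = {"invoice.docm": constructed_ooxml(True), "report.docx": constructed_ooxml(False),
            "renamed.docx": constructed_ooxml(True), "old.doc": OLE_MAGIC + b"\x00" * 8}
    print(triage(demo))
```

A mail gateway or helpdesk script could quarantine anything that is not `no-macro` or `not-office`; `legacy-ole` files need a dedicated OLE parser to confirm whether VBA is present.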
A Register article with more technical details can be found here:
https://www.theregister.com/2022/10/18/fully_undetectable_windows_powershell_backdoor/