Defeating a brand new Microsoft Office zero-day attack with ZT CDR

A short while ago, a new DOCX appeared on a Detection website, originating from Belarus.

Initially, at the time of writing, only five of the sixty vendors available marked this file, now known as CVE-2022-30190, as malicious. As of 30/05/2022, only twenty-two of sixty vendors are flagging this now-known file as malicious.

We have reverse engineered the malware and provided some initial analysis, including running it through the Zero Trust Content Disarm & Reconstruction (ZT CDR) engine. Initial analysis of this malicious DOCX reveals that it first calls out to a remote HTML page and pulls it into the document. Details of this are redacted to avoid any opportunity for attackers.

The ZT CDR engine rightfully blocks this file, with its invalid elements, due to its malicious behaviour, and this result is replicated across all ZT CDR products.

This means that all businesses protected by Zero Trust CDR are automatically protected from the new Microsoft Office Zero-day vulnerability, regardless of whether they are running an up-to-date system or not. Forcepoint have not had to send a further update to the core engine to address this vulnerability.

The Zero Trust CDR engine ensures that your business is safe from known and unknown threats, zero-day attacks and malware. It always delivers safe and functional content, so users can have utter confidence in the files they are receiving from outside their organisation.

If this information is helpful to you, read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will assist you with your query.

Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.

 
