Lakeside House, Quarry Lane, Chichester PO19 8NY

How to manage the 'Follina' zero-day hole in Office

The internet is abuzz with news of a zero-day remote code execution bug in Microsoft Office.

Known as 'Follina', below is all the information you need to know about the emerging threat posed to you.

What you need to know

  • The vulnerability is triggered by opening malicious Office documents
  • Threat actors may deceive victims into opening these documents using email attachments, social media links, file downloads or other creative delivery methods
  • You will likely need to update your endpoints once a security patch is available. Since this is currently a 0-day, there has not yet been a patch released
  • Whilst this vulnerability makes it easier for hackers to gain access to your network, malicious documents are a familiar attack strategy and vigilant users can turn the tide against these unpredictable threats

What can you do immediately?

  • Caution your users to be extra observant when opening up any attachments, particularly Microsoft Office documents
  • Update your hold music with a quick message to passively educate any callers
  • Add a quick, non-technical blurb to your social media accounts asking for extra vigilance when receiving documents and clicking links because of this new vulnerability
  • Work with your Antivirus vendor to make sure you are running the most current version of their software, and reach out to them with any questions or concerns

If you are worried about this threat, or any other threats, please get in touch with one of our experts who will be happy to help.


Visit LMS Group HQ