Key facts:
“.doc”, “.docx” and “.rtf” files would allow the Word vulnerability to be exploited.
It is advisable to keep bitcoin private keys offline.
A vulnerability detected in the popular word processor, Microsoft Word, would allow an attacker to take full control of a victim’s computer. Theft of bitcoins (BTC) and access to confidential information are some of the possible consequences.
The warning was given today, June 1, by Wallet Guard, a company specializing in security in the field of web 3. According to the company, the vulnerability, called “Follina”, could be exploited by downloading certain files with the extensions “.doc”, “.docx” and especially “.rtf”. It is not necessary to open them; it is enough that they reach the computer’s hard drive.
The attacker takes advantage of the word processor’s “Templates” feature, which allows Microsoft Word to load and run HTML and JavaScript files from external sources.
Thanks to this implementation, a command could be executed that activates a service called “Microsoft Support Diagnostic Tool” (MSDT). It is a tool that lets the Microsoft team remotely access the computer in order to correct any damage.
“There’s just one problem,” Wallet Guard clarifies, describing it:
MSDT normally requires the user to enter their password to run it. But MSDT has a buffer overflow vulnerability. Therefore, the hacker can bypass the password protection completely.
Wallet Guard, a company specialized in computer security.
According to the specialized website redzone.net, a buffer overflow vulnerability “is a memory safety issue where software does not consider or check its storage limits. So, the memory of the program receives a greater amount of data than it can actually process according to how it was developed.”
There are several consequences of such a situation. The aforementioned computer portal explains: “in addition to leading to problems with the operation of said software or simply stopping it unexpectedly, exploitable vulnerabilities may come to light”.
It is worth clarifying that Wallet Guard does not detail how the attacker can use remote access (intended for use by Microsoft support staff) to access the victim’s computer himself. It is possible – although they do not claim it – that the omission is to prevent it from being put into practice by malicious actors.
How to protect yourself from the Follina vulnerability?
Wallet Guard emphasizes the fact that you do not need to open the file to fall victim to the attack. Just downloading it is enough.
For this reason, the recommendations it offers are radical and begin with “discontinue use of Microsoft Word” until this vulnerability is removed. They also recommend not opening files with the extensions mentioned and preferring to use PDF or work with Google Docs.
In conclusion, they indicate that this flaw could be “one of the worst Word vulnerabilities we have seen.”
What does Microsoft say about this vulnerability in Word?
The company that develops the Microsoft Word program itself confirms that the vulnerability is real. In any case, they indicate that the Windows security system is prepared to block such an attack.
The company created by Bill Gates and Paul Allen proposes, as a solution, disabling the MSDT protocol, for which it is necessary to run the system as an administrator.
After that, you can back up the registry key using the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”. Finally, “reg delete HKEY_CLASSES_ROOT\ms-msdt /f” is executed.
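The two registry steps above combined into one PowerShell script, added here as an example (it is not Microsoft's or Wallet Guard's own code). The backup path is an assumption; the script refuses to delete the key unless the backup file was actually written.

```powershell
# Added example: back up, then remove, the ms-msdt URL protocol handler.
# $BackupPath is an assumed location; change it to suit.
param(
    [string]$BackupPath = "$env:USERPROFILE\ms-msdt-backup.reg"   # assumed path
)

$key = 'HKEY_CLASSES_ROOT\ms-msdt'

# Deleting a key under HKEY_CLASSES_ROOT needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script from an elevated (Administrator) PowerShell session.'
    exit 1
}

# Nothing to do if the handler is already absent (reg query returns non-zero).
& reg.exe query $key *> $null
if ($LASTEXITCODE -ne 0) {
    Write-Output "$key is not present; the protocol handler is already disabled."
    exit 0
}

# Step 1: export the key so it can be restored later. /y overwrites an old backup.
& reg.exe export $key $BackupPath /y
$backupOk = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $BackupPath) -and
            ((Get-Item -LiteralPath $BackupPath).Length -gt 0)
if (-not $backupOk) {
    Write-Error "Backup to $BackupPath failed; the key was left untouched."
    exit 1
}

# Step 2: delete the key only after the backup is confirmed on disk.
& reg.exe delete $key /f
if ($LASTEXITCODE -ne 0) { Write-Error "Could not delete $key."; exit 1 }

# Step 3: confirm the handler is gone.
& reg.exe query $key *> $null
if ($LASTEXITCODE -eq 0) { Write-Error "$key still exists after deletion."; exit 1 }

Write-Output "Disabled ms-msdt. Backup saved to $BackupPath"
Write-Output "To restore later: reg import `"$BackupPath`""
```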
Bitcoin private keys are safer offline
A vulnerability of this type makes evident the reason for one of the most repeated tips in the field of Bitcoin: keep private keys offline.
No cloud storage service, no password management software, let alone Notepad or your favorite word processor, will give you the security of a piece of paper.
In the words of specialist Jameson Lopp, “thieves can’t steal what they don’t know you have”. For this reason, as explained in a CriptoNoticias article, physical (offline) storage of the 12 or 24 keywords that give access to your bitcoins is usually the best option. Of course, that holds only as long as you don’t forget where you keep that paper.