Does Follina Mean It’s Time to Abandon Microsoft Office?


As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m not introducing risk to my clients. Still, using Microsoft Office was something I did many times a day without a second thought.


I brought up the issue to a few of my clients. I was not the only one deciding if their company should abandon Microsoft Office for security reasons. The second question that came up was whether the other alternatives are actually safer. Like many things in business, the decision to use Microsoft Office comes down to a risk-versus-benefits decision.


Zero-Day Follina Vulnerability Spread Through Microsoft Word


At the end of May, UK-based cybersecurity expert and threat researcher Kevin Beaumont discovered Follina. Beaumont wrote that he picked the name because he found the number 0438 in the malicious code. That number is the area code of the Italian town Follina.


With Follina, attackers could take advantage of a vulnerability in Microsoft’s Support Diagnostic Tool to remotely control devices and systems. However, as WIRED explains, the vulnerability spreads through altered Word documents. The attackers use social engineering to get a user to download the infected file and then spread malicious code.


By remotely activating a template, the attackers retrieve an HTML file with malicious code. According to follina abandon microsoft office