Zero-Day Vulnerability – Microsoft Office Vulnerability (“Follina”) Could Trigger by Hovering Over Saved File

Yesterday, Microsoft issued an advisory for a zero-day remote code execution (RCE) vulnerability impacting Microsoft Office. The vulnerability, tracked at CVE-2022-30190, has been dubbed “Follina” and is trivial to exploit. The best defense at the moment is to make users aware of this threat. Users should also be made aware that this exploit can be triggered simply with a hover-over preview after they’ve downloaded a specially crafted file even if they don’t click to open the file.