A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning.
After initially dismissing the vulnerability as “not a security related issue”, Microsoft has now issued a CVE and has offered a temporary workaround until fixes can be provided.
Detected attacks
Boobytrapped office files delivered via email are one of the most common tactics attackers use to compromise endpoints, and they are constantly finding new ways to hide the documents’ malicious nature from existing security defenses, solutions, as well as users/targets.
