Bitcoin Forum
Author Topic: MS Word vulnerability could lead to stealing your bitcoins  (Read 431 times)
Welsh
Staff
Legendary
June 05, 2022, 01:42:35 PM
 #21

    For anyone that hasn't actually changed from Windows to Linux, who has tried in the past, but couldn't get along with it. Common distributions like Ubuntu are now incredibly similar to Windows. The change over would be somewhat seamless.

    The only problem you're likely to run into is installing software, but since a lot of places are now offering packaged executables, that don't require any terminal know-how, but a simple check for allowing as an executable, and double clicking it, the process is becoming more simple. Obviously, this has its own security risks, so obviously verify, and all that.

    For any software that requires a bit of terminal work, the process is usually similar. For example, downloading a .deb, installing via dpkg -i, then installing any dependencies which it should flag up.

    Since you probably aren't going to be constantly installing software, setting up your machine over a weekend should be enough, and then the repos will likely be added to Ubuntu, and will update through the GUI updater or alternatively the terminal.

    What I'm saying is, many years ago making the switch to Linux was troublesome, but Linux has come a long way for less technical users to actually use. I've not had a Windows machine for years now, completely converted, including a gaming machine. I won't be going back either.

Lol, say what? A random file can get full access and all it has to do is being copied? How are people still using software from this very large corporation?
Who are those brave people using Bitcoin wallets on Windows? I don't even dare to enter my email password on it.
Don't know about you, but a file that doesn't even need to be technically executed by the user, and simply copied onto their machine is what I'd call critical. I guess Microsoft might be downplaying it because the attack surface is rather low, and hasn't been widely distributed, but that could change overnight.

Although, it still comes down to how the user uses the software, rather than it inherently being insecure, since the user would have to download that .doc in the first place. However, it's a rather sly one, as most people wouldn't even think twice about a .doc.

  • If one of your computers gets infected, not everything you have and do will be considered to be compromised.

Yeah, but obviously if the computers are connected in any way, i.e. via using the same USBs or through the same network, they should ideally be considered compromised, even if they aren't proven to be.
dkbit98
Legendary
June 05, 2022, 03:47:40 PM
 #22

Who are those brave people using Bitcoin wallets on Windows? I don't even dare to enter my email password on it.
Most of them are using wiNd0ws and some of them are even bragging about that, because it's not ''hard'' to use like Linux, and they don't care if the OS is spying on them non-stop.
If someone is so addicted to win OS, better try something called Windows Ameliorated, that has all spyware and bloatware removed.
However, for everyday use and for Bitcoin wallets I would always suggest Linux OS.

For anyone that hasn't actually changed from Windows to Linux, who has tried in the past, but couldn't get along with it. Common distributions like Ubuntu are now incredibly similar to Windows. The change over would be somewhat seamless.
I would personally avoid recommending Ubuntu to the masses who want to switch from gates OS; even if it is a better option than wiNd0ws OS, there are better Linux alternatives.
Maybe the best option is Linux Mint or Debian, which are rock stable; they have a familiar style for switching to Linux, and most Bitcoin wallets work perfectly for them.
Most of them are coming with preinstalled alternative Office package with Word.

NeuroticFish
Legendary
June 06, 2022, 08:07:24 AM
 #23

For anyone that hasn't actually changed from Windows to Linux, who has tried in the past, but couldn't get along with it. Common distributions like Ubuntu are now incredibly similar to Windows. The change over would be somewhat seamless.
I would personally avoid recommending Ubuntu to the masses who want to switch from gates OS; even if it is a better option than wiNd0ws OS, there are better Linux alternatives.
Maybe the best option is Linux Mint or Debian, which are rock stable; they have a familiar style for switching to Linux, and most Bitcoin wallets work perfectly for them.
Most of them are coming with preinstalled alternative Office package with Word.

I am mainly a Windoze user and I cannot give it up on this laptop because it's expressly needed for my work, but I've put Linux Mint on my wife's laptop and it's basically straightforward.
On the other hand, I've tried both Debian and Ubuntu on WSL and I didn't find them as friendly as Mint. So I agree with @dkbit98 on this.
And yes, most of the tools are similar. I didn't get to see yet if Only Office also works there.

LoyceV
Legendary
June 06, 2022, 08:53:15 AM
Merited by NeuroticFish (1)
 #24

On the other hand, I've tried both Debian and Ubuntu on WSL and I didn't find them as friendly as Mint. So I agree with @dkbit98 on this.
Over the years, I tend to switch once in a while. You may want to add Kubuntu to the list too.

Pmalek
Legendary
*
June 06, 2022, 09:06:44 AM
 #25

...if you check out the reports you will find most hacks and scams are done to window users only as it's not as good as Linux when it comes to security perspective.
It's not just that Windows is not as good and as secure as Linux, Windows has a bigger userbase than all the other operating systems combined. That means a greater chance for effective malware distribution and infection. It's also important to consider what kind of crowd is attracted to Linux and who uses Windows. Linux is an OS that is not as user-friendly as Windows. So you would expect that it's used by those who are more experienced. Developers, technology enthusiasts, security experts, privacy advocates... That's not your usual target group that will get phished, open unfamiliar emails and attachments, or install fake software. Those who do that use Windows.

In your case the thing is different like you are not sharing any of the device plug ins and not having cryptos on your computer but for many they are storing funds on Metamask...
My crypto is not on exchanges and desktop wallets. It's on a hardware wallet. But I don't use that machine for other activities.   

NeuroticFish
Legendary
June 06, 2022, 10:01:23 AM
Merited by ABCbits (1)
 #26

And yes, most of the tools are similar. I didn't get to see yet if Only Office also works there.

Use LibreOffice instead. OpenOffice isn't actively developed.

I do use LibreOffice. I wanted to give Only Office (not OpenOffice) a try since they claim to offer better compatibility with MS Office. I've read about it in this topic and I want to see if it's indeed good.
(However, using actual MS Office for free in the browser is also an option).

Debian isn't suitable for beginners (those who never used/gave up using Linux) anyway. Excluding non-free drivers by default, with lots of download options (CD, DVD, different DE, etc.), would give beginners a hard time.

Agreed.

dkbit98
Legendary
June 06, 2022, 06:57:06 PM
 #27

Debian isn't suitable for beginners (those who never used/gave up using Linux) anyway. Excluding non-free drivers by default, with lots of download options (CD, DVD, different DE, etc.), would give beginners a hard time.
There is Linux Mint Debian Edition, and a regular user won't even notice any difference between that and regular Linux Mint that is based on Ubuntu.
I would argue that Ubuntu is not beginner friendly for anyone who wants to switch from wiNd0ws, but there are other options like Zorin OS and many others.
There is even one LinuxFX win clone (made by Rafael Rachid from Brazil) that looks and feels almost identical to win11 spycrap and it's free:
https://www.linuxfx.org/


cheezcarls
Hero Member
June 07, 2022, 12:24:30 AM
 #28

Is it a real risk, or an exaggeration?

It seems to me like a bit of both … The company Wallet Guard has issued a warning on a vulnerability they’ve detected in MS Word named "follina". Wallet Guard has classified the vulnerability as critical (0-day vulnerability), although Microsoft seems to downplay the scale, and does not award it the same classification by their standards.

The exploit seems to allow a hacker to take full control of your windows environment, simply by downloading a malicious .doc, .docx or .rtf file onto your environment. You don’t even need to open the document itself for the exploit to be set in motion. Apparently, a said malicious document can exploit MS Word template features, and execute external html or java code.

But the added danger seems to reside in yet another vulnerability tied to MSDT (Microsoft Support Diagnostic Tool), which theoretically allows MS to gain remote control of your environment to perform support (something we shouldn’t even want in our system per se).
MSDT requires that you enter a password to grant remote access, but apparently, a vulnerability can be exploited to bypass the password requirement, thus allowing a hacker to access your system.

This is, according to Microsoft, the way you can disable MSDT URL protocol:
Quote
1.   Run Command Prompt as Administrator.
2.   To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”
3.   Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

The above caught my attention whilst reading an article on the Spanish Media, that literally stated that a Microsoft vulnerability could allow your bitcoins to be stolen. The possibility of course stands, if someone gains remote control to your environment, and you’ve got critical information lying around in files (i.e. seeds), although this is not something that specifically targets crypto, but that opens a potential door to multiple forms of wrongdoing.

On the other hand, there don’t seem to be any reports of this exploit being used by hackers to date, either because the case is too fresh, or not that easy to become acquainted with and exploit.

All in all, just in case, I’ve disabled the MSDT URL protocol…

See:
https://twitter.com/wallet_guard/status/1531848479911432192
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/


I usually do not use MS Word a lot, but this is truly something new to me regarding a possibility for our Bitcoins to get compromised. These hackers are getting smarter trying to do something new and fresh. While we are learning from our mistakes and doing whatever it takes to prevent ourselves from getting scammed or hacked, these hackers are also learning about their failed attempts too. I'll be doing this to prevent my BTCs from getting compromised in the future in this method, as well as being careful in downloading these so-called malware DOC files from the internet.

Oluwa-btc
Hero Member
June 07, 2022, 10:58:21 AM
 #29

Thank you for sharing, DdmrDdmr. With all that said, I think those who save their keys directly in their system will fall prey to this shit, hmm? Reasons why it's never a good decision to save private keys in your mobile phones or system.
But how can someone know it's bad or harmful? How can you detect it?
With anti-virus in your system, can it really work? Or should I say, can anti-virus be aware of such or detect such?

DdmrDdmr (OP)
Legendary
June 07, 2022, 12:35:32 PM
Merited by NeuroticFish (1)
 #30

<...>
I’d read through the blog entry to see what suggestions may be applicable besides disabling the MSDT URL Protocol. The blog, although dated 30/05/2022, is being updated every now and then, and it does provide some specific MS Defender for those that use it. Not sure what capabilities other antiviruses may provide in terms of prevention and detection regarding this issue.

The blog also suggests switching-on either MS Office Protected View or Application Guard for Office. Nevertheless, the former will treat office docs in read-only mode which is not going to be really very useful in general terms, and the latter seems to be for organizations that have MS 365 E5, which is going to leave out regular users and users of other MS Office versions.

The blog additionally references this MS entry which is also being updated every now and then, and that currently still indicates that "Microsoft is working on a resolution and will provide an update in an upcoming release.", with no associated time estimate.

In the interim, one may need to be more certain about the nature of the documents he opens (i.e. self-created documents should be reliable; external documents, as usual, should be subject to more scrutiny).
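The scrutiny of external documents discussed in the posts above can be partly automated for .docx files, since the thread describes the document pulling in external HTML. The following Python is an added example, not code from any poster, Wallet Guard or Microsoft: it lists every relationship in an OOXML package that points outside the file and flags any that is not a plain hyperlink. It covers .docx only (not legacy .doc or .rtf); the function names, the status labels and the `example.invalid` sample targets are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MAX_PART = 1_000_000  # refuse oversized .rels parts (guards against zip bombs)


def external_relationships(docx_bytes):
    """Return (part, kind, target) for each TargetMode="External" relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                raise ValueError("relationship part too large")
            data = zf.read(info)
            # Relationship parts never need a DTD; reject one rather than
            # feed entity definitions from an untrusted file to the parser.
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                raise ValueError("DTD found in relationship part")
            root = ET.fromstring(data)
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                found.append((info.filename, kind, rel.get("Target", "")))
    return found


def triage(docx_bytes):
    """Return (status, hits); status is one of
    'unparseable', 'clean', 'links-only', 'remote-content'."""
    try:
        rels = external_relationships(docx_bytes)
    except (zipfile.BadZipFile, ET.ParseError, ValueError):
        return "unparseable", []
    # A hyperlink is only followed when the reader clicks it. Any other
    # external relationship (template, OLE object, image, ...) names content
    # Word may fetch by itself, so it is the one worth a closer look.
    remote = [r for r in rels if r[1] != "hyperlink"]
    if remote:
        return "remote-content", remote
    return ("links-only", rels) if rels else ("clean", [])


def build_sample(rel_type, target, mode="External"):
    """Constructed sample: a minimal OOXML package holding one relationship."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    mode_attr = f' TargetMode="{mode}"' if mode else ""
    rels = (
        f'<?xml version="1.0"?><Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{base}{rel_type}" '
        f'Target="{target}"{mode_attr}/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document xmlns:w='urn:sample'/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "remote template": build_sample("attachedTemplate", "https://example.invalid/t.dotm"),
        "plain hyperlink": build_sample("hyperlink", "https://example.invalid/"),
        "internal only": build_sample("styles", "styles.xml", mode=None),
        "not a docx": b"not a zip archive",
    }
    for label, blob in samples.items():
        print(label, "->", triage(blob))
```

A "remote-content" result is a reason to inspect the file in an isolated environment before opening it in Word, not proof of malice; a "clean" result says nothing about macros or other content.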
Lucius
Legendary
June 07, 2022, 02:35:48 PM
Merited by DdmrDdmr (3)
 #31

On the other hand, there don’t seem to be any reports of this exploit being used by hackers to date, either because the case is too fresh, or not that easy to become acquainted with and exploit.

It seems that attacks related to this vulnerability were noticed a month ago, and according to the information gathered, it seems that the vulnerability was first used by Chinese hackers. In addition to the method you mentioned in the OP, the article says that there is an unofficial patch, although this is not something I would personally apply.

As with any new zero-day, Follina is already being exploited in the wild and security researchers from Proofpoint have discovered that the Chinese state-sponsored threat actor TA413 has been using the vulnerability to target the international Tibetan community.

In a tweet, the company’s researchers explained that TA413 is using malicious URLs to deliver ZIP files that contain weaponized Word documents that exploit Follina. At the same time, MalwareHunterTeam also found Word files with Chinese filenames that are currently being used to install infostealers.

It’s worth noting that attacks exploiting Follina were spotted over a month ago when sextortion threats and invitations to do an interview with Sputnik radio were both used as lures according to BleepingComputer.

Oluwa-btc
Hero Member
June 07, 2022, 02:58:04 PM
 #32

@Lucius they seem to have been exposed since May 27 according to Wallet Guard on Twitter.

They are state-sponsored North Korean hackers famous for attacking Sony, large banks, major DDoS attacks against South Korea, and WannaCry. Yes, the same WannaCry ransomware attack that crippled the NHS in 2017.

I don't know how valid, but take a good look at the sources from Wallet Guard's Twitter, well expatiated!


https://twitter.com/wallet_guard/status/1531848479911432192?t=LxOHhHxddxJTownuDrj61A&s=19

https://twitter.com/wallet_guard/status/1509196531202932736?t=8NdgSFO1DUaUFo3SY_D-zQ&s=19



https://twitter.com/wallet_guard/status/1531848493265993731?t=en6MOyXHr3CnIv6NAMDElA&s=19


 Wallet Guard recommendations:
- Discontinue use of Word for the time being
- Utilize Google Docs
- Disable MSDT (see next tweets)
- Utilize PDF instead of vulnerable extension types
