Staying Ahead of "Follina"

There was a vulnerability recently discovered that affects Microsoft’s Office software suite. This includes Microsoft Word, Excel, PowerPoint, Outlook, Access, Teams, etc.  The vulnerability is being exploited through the Microsoft Windows Support Diagnostic Tool (ms-msdt) which is bundled with Microsoft Office and the programs mentioned above.

The vulnerability, dubbed “Follina” (CVE-2022-30190), makes use of how the ms-msdt handles URLs. In its simplest form, ms-msdt can allow attackers to execute code on a machine. The vulnerability impacts all Windows versions currently supported by Microsoft.

This exploit is actively being used by cyber criminals. This exploit is most commonly being reported on through the abuse of Microsoft .doc and .rtf files. This exploit doesn’t need any user interaction to process the exploit, it only has to be on the user’s PC.

Microsoft has not released an official patch as of this time, but there are steps to remedy this exploit until that time. We can manually apply a fix to reduce your risk. Otherwise, Microsoft is expected to make a patch available in the future.

Please reach out to us for more information on how to take action regarding this vulnerability.

Read more on this topic here: 

https://www.sentinelone.com/blog/staying-ahead-of-cve-2022-30190-follina/ 

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/