On 27th May 2022, a remote code execution (RCE) vulnerability identified as CVE-2022-30190 was uncovered in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability is better known as the “Follina” zero-day vulnerability.
According to Microsoft, “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”
In this article, we’ll share some quick facts and what you need to know about this cyber security threat – the Follina vulnerability.
Follina is a serious cyber security threat that allows cyber-attackers to remotely execute arbitrary code through the ms-msdt protocol scheme. By using Word’s remote template feature, cyber-attackers can download and load a malicious HTML file from a remote webserver. This HTML file ultimately allows the attackers to load and execute PowerShell code within Windows.
Simply put, cyber-attackers can easily exploit this vulnerability by tricking users into clicking a link, which gives the attackers remote access to run malicious code on the compromised system. What’s worse is that this bug is present in various supported versions of Windows, including Office Suite 2013, 2016, 2019 and 2021 applications and some versions of Office included with a Microsoft 365 license, installed on Windows desktop PCs and servers since 2007.
Further research has revealed that the Follina vulnerability can also be exploited via Rich Text Format (RTF) files. This means that the malicious code can bypass Protected View (which usually kicks in when files from potentially unsafe locations are opened), and run even without opening the document (via the preview pane in Explorer).
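A defender-side triage check for the Word delivery path described above, as an added example that is not part of the original article: it lists every external relationship in an OOXML package that is not an ordinary hyperlink, plus any part that mentions the `ms-msdt:` scheme. The names `scan_docx` and `make_sample`, the sample relationships and the `example.invalid` host are constructed for illustration, and the RTF variant is not covered.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"


def scan_docx(data: bytes) -> list:
    """Return (part, reason, detail) findings for one OOXML document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            body = zf.read(info)
            # The handler named in the article has no business inside a document.
            if b"ms-msdt:" in body.lower():
                findings.append((info.filename, "ms-msdt-scheme", ""))
            if not info.filename.endswith(".rels"):
                continue
            if b"<!doctype" in body.lower():  # refuse DTDs before parsing untrusted XML
                findings.append((info.filename, "doctype-in-rels", ""))
                continue
            for rel in ET.fromstring(body).iter(REL_NS + "Relationship"):
                external = rel.get("TargetMode", "").lower() == "external"
                # Hyperlinks are external too, but are only followed on a click.
                if external and rel.get("Type") != OFFICE_REL + "hyperlink":
                    findings.append(
                        (info.filename, "external-relationship", rel.get("Target", "")))
    return findings


def make_sample(rels: str, document_xml: str = "<document/>") -> bytes:
    """Build a constructed, inert two-part package for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels",
                    '<Relationships xmlns="%s">%s</Relationships>' % (REL_NS[1:-1], rels))
    return buf.getvalue()


# Constructed relationships; example.invalid is a placeholder host.
LINK = ('<Relationship Id="rId1" Type="%shyperlink" '
        'Target="https://example.invalid/" TargetMode="External"/>' % OFFICE_REL)
TEMPLATE = ('<Relationship Id="rId2" Type="%sattachedTemplate" '
            'Target="https://example.invalid/t.dotx" TargetMode="External"/>' % OFFICE_REL)

if __name__ == "__main__":
    print(scan_docx(make_sample(LINK)))             # hyperlink only
    print(scan_docx(make_sample(LINK + TEMPLATE)))  # remote template reference
```

A finding is a reason to inspect the file, not a verdict: legitimate documents can also reference remote templates.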
Despite all the doom and gloom, here’s a fun fact about this vulnerability. Security researcher Kevin Beaumont dubbed this vulnerability “Follina” because the sample of the vulnerability he examined has the area code for the Italian village of Follina. Read more here.
According to the Microsoft Security Response Center (MSRC), Microsoft issued Windows updates on 14th June 2022 to address this vulnerability. These updates should be installed as soon as possible. More information from MSRC can be found here.
Alternatively, a safer, more convenient, and worry-free way to mitigate the Follina cyber security threat is to seek help from a good cyber security company. Of course, this is not an easy decision as there are many factors to consider when choosing the best cyber security company for your business. If it helps, read our article on tips for selecting a good cyber security company.
Adventus is a top Cyber Security Solutions & Services Provider with our own Security Operations Centre (SOC). Our efficient SOC team is diligently monitoring, detecting, and responding to any cyber security risks or threats in our customers’ environments.
In the case of this Follina vulnerability, Adventus can help by performing a thorough scan of your IT environment to identify this cyber security threat and recommending the best course of action to mitigate the risks. Get in touch with us now to better detect, prevent and eliminate your company’s exposure to cyber security threats like Follina.