Security News > 2022 > June > Attackers are leveraging Follina. What can you do?

Attackers are leveraging Follina. What can you do?
2022-06-03 16:08

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka "Follina", attackers around the world are exploiting the vulnerability in a variety of campaigns.

Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability, confirmed it affects an overwheming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.

The wider security community has been poking and creating proof-of-concept exploits for the flaw, as well as converting MSDT exploits so they can be used with other protocol handlers for a different kind of attack.

We have already mentioned Microsoft's advice, which involves disabling the MSDT URL protocol.

ACROS Security has released free micropatches for various editions of Windows and Windows Server, to be used via their 0patch agent.

Security companies have been adding signatures and rules for detecting malicious documents exploiting CVE-2022-30190, as well as providing general advice.


News URL

https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-01 CVE-2022-30190 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
0.0