Windows zero-day exploited in US local govt phishing attacks
2022-06-06 16:09

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format documents designed to exploit a critical Windows zero-day vulnerability known as Follina.

BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.

"Proofpoint blocked a suspected state aligned phishing campaign targeting less than 10 Proofpoint customers attempting to exploit Follina/CVE-2022-30190," security researchers at enterprise security firm Proofpoint revealed.

Windows information: Computer information, list of usernames, Windows domain information.

The security flaw exploited in these attacks is tracked as CVE-2022-30190 and was described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution bug.

While Microsoft is yet to release CVE-2022-30190 patches, CISA has urged Windows admins and users to disable the MSDT protocol abused in these attacks after Microsoft reported active exploitation of the bug in the wild.


News URL

https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/

Related Vulnerability

DATE: 2022-06-01
CVE: CVE-2022-30190
VULNERABILITY TITLE: Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
local, low complexity, microsoft, CWE-610
RISK: 7.8