Windows zero-day exploited in US local govt phishing attacks
2022-06-06 16:09

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format documents designed to exploit a critical Windows zero-day vulnerability known as Follina.

BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.

"Proofpoint blocked a suspected state aligned phishing campaign targeting less than 10 Proofpoint customers attempting to exploit Follina/CVE-2022-30190," security researchers at enterprise security firm Proofpoint revealed.

Windows information: Computer information, list of usernames, Windows domain information.

The security flaw exploited in these attacks is tracked as CVE-2022-30190 and was described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution bug.

While Microsoft has yet to release patches for CVE-2022-30190, CISA has urged Windows admins and users to disable the MSDT protocol abused in these attacks after Microsoft reported active exploitation of the bug in the wild.

Related Vulnerability

2022-06-01 CVE-2022-30190 Unspecified vulnerability in Microsoft products
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.