Windows zero-day exploited in US local govt phishing attacks

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format documents designed to exploit a critical Windows zero-day vulnerability known as Follina.
BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.
"Proofpoint blocked a suspected state aligned phishing campaign targeting less than 10 Proofpoint customers attempting to exploit Follina/CVE-2022-30190," security researchers at enterprise security firm Proofpoint revealed.
Windows information: Computer information, list of usernames, Windows domain information.
The security flaw exploited in these attacks is tracked as CVE-2022-30190 and was described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution bug.
While Microsoft is yet to release CVE-2022-30190 patches, CISA has urged Windows admins and users to disable the MSDT protocol abused in these attacks after Microsoft reported active exploitation of the bug in the wild.
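One way an administrator could audit and apply the "disable the MSDT protocol" mitigation mentioned above, as an added example that is not part of the original article: a PowerShell script (save it as a `.ps1` file and run it elevated) that checks whether the `ms-msdt` URL protocol handler is registered, exports a backup, and removes the key. The key path `HKEY_CLASSES_ROOT\ms-msdt` is the standard Windows registration for that URL scheme and does not appear on this page; the backup directory is an assumed location.

```powershell
# Added example: audit and disable the ms-msdt URL protocol handler.
# Supports -WhatIf for a dry run. $BackupDir is an assumed path; change as needed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupDir = "$env:ProgramData\msdt-handler-backup"
)

$keyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output 'ms-msdt protocol handler is not registered; nothing to do.'
    return
}

# Record what the handler currently launches, for the change log.
$command = (Get-ItemProperty -LiteralPath "$keyPath\shell\open\command" `
            -ErrorAction SilentlyContinue).'(default)'
Write-Output "ms-msdt handler is registered. Open command: $command"

if ($PSCmdlet.ShouldProcess($keyPath, 'Export backup and delete key')) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backupFile = Join-Path $BackupDir `
        ("ms-msdt_{0}_{1:yyyyMMddHHmmss}.reg" -f $env:COMPUTERNAME, (Get-Date))

    # Export first so the key can be restored with "reg import" after patching.
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backupFile)) {
        throw "Backup failed (reg.exe exit code $LASTEXITCODE); key left untouched."
    }

    Remove-Item -LiteralPath $keyPath -Recurse -Force

    # Verify the handler is gone before reporting success.
    if (Test-Path -LiteralPath $keyPath) {
        throw 'ms-msdt key is still present after the deletion attempt.'
    }
    Write-Output "ms-msdt handler removed. Backup saved to $backupFile"
}
```

Running the script with `-WhatIf` reports the handler's current state without changing the registry; the saved `.reg` file can be re-imported once a patch is installed.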
Related news
- Qbot malware now uses Windows MSDT zero-day in phishing attacks (source)
- Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925) (source)
- Microsoft fixes under-attack Windows zero-day Follina (source)
- Targeted voicemail phishing attacks hits specific US industries’ verticals (source)
- Nothing personal: Training employees to identify a spear phishing attack (source)
- US agricultural machinery maker AGCO hit by ransomware attack (source)
- Ukraine warns of “chemical attack” phishing pushing stealer malware (source)
- Microsoft fixes new NTLM relay zero-day in all Windows versions (source)
- Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit (source)
- US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-01 | CVE-2022-30190 | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. | 9.3 |