Follina Exploited by State-Sponsored Hackers
2022-06-07 12:45

Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft's now-patched Follina vulnerability.

According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.

As Microsoft explained in a blog post, the bug "exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application."

If successfully exploited, attackers can use the Follina flaw to install programs, view, change or delete data, or create new accounts in the context allowed by the user's rights, the company said.

"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," Microsoft explained in its guidance on the Microsoft Security Response Center.

Researchers from Shadow Chaser Group noticed the flaw on April 12, and it was patched by Microsoft in May. Proofpoint says the malicious file used in the recruitment phishing campaigns, if downloaded, executes a script that can ultimately check for a virtualized environment to abuse and "steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil."


News URL

https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/