You’re invited! Join us for a live walkthrough of the “Follina” story…
2022-06-13 18:28

On Thursday this week, we're holding a free webinar in which we'll give you a live explanation and demonstration of the "Follina" vulnerability.

Although this bug is fairly easy to deal with, it nevertheless tells a fascinating story.

Follina, or CVE-2022-30190 if you prefer to keep things official, is an intriguing example of how cybercriminals figured out how to combine a "Feature" that no one really wanted with a "Feature" that no one really needed.

How to investigate security holes like this one safely.

We'll also take a look at other "Features" in Windows that could lead to similar problems, and what to do about those, too.

Yuck, I just went into the registry to see what other 'undocumented features' are in HKEY CLASSES ROOT. What did I find? Job security.


News URL

https://nakedsecurity.sophos.com/2022/06/13/youre-invited-join-us-for-a-live-walkthrough-of-the-follina-story/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. (local, low complexity, microsoft, CWE-610) | 7.8 |