Security News > 2022 > June > You’re invited! Join us for a live walkthrough of the “Follina” story…
On Thursday this week, we're holding a free webinar in which we'll give you a live explanation and demonstration of the "Follina" vulnerability.
Although this bug is fairly easy to deal with, it nevertheless tells a fascinating story.
Follina, or CVE-2022-30190 if you prefer to keep things official, is an intriguing example of how cybercriminals figured out how to combine a "Feature" that no one really wanted with a "Feature" that no one really needed.
How to investigate security holes like this one safely.
We'll also take a look at other "Features" in Windows that could lead to similar problems, and what to do about those, too.
Yuck, I just went into the registry to see what other 'undocumented features' are in HKEY CLASSES ROOT. What did I find? Job security.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |