Exploitation of Follina Zero-Day Vulnerability

Published on Jun 9, 2022

Security researchers warned of exploitation observed in the wild, which Microsoft has confirmed. Windows and Office are affected by a zero-day vulnerability.

Windows has a security hole, tracked as CVE-2022-30190. “nao-sec” reported a malicious Word file that anybody can use to execute arbitrary PowerShell code. Belarus appears to be the source of this file, because it was uploaded to VirusTotal from that country.

One of the first to analyze the exploit was researcher Kevin Beaumont. He named it “Follina” because the malicious file references 0438, the area code for the Italian village of Follina.

Unfortunately, Microsoft has known about the vulnerability since April. “CrazymanArmy” of the Shadow Chaser Group, a research team focusing on APT hunting and analysis, notified Microsoft about this vulnerability. Moreover, Microsoft initially classified it as “not a security-related issue”.

According to Microsoft, the “issue has been fixed,” but a patch does not appear to be available.

Even though initially this was described as a Microsoft Office zero-day vulnerability, Microsoft clarified that Follina affects the Microsoft Support Diagnostic Tool (MSDT). MSDT collects user/device information and sends it to Microsoft support.

Cybercriminals could use this vulnerability to run code, install, change, or delete data, or modify accounts.

According to Microsoft (advisory for CVE-2022-30190):

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

In the past, most exploits used macros to execute code. This attack is worse because it does not use macros. Therefore, regardless of whether macros are enabled, the malicious code can be executed.
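Since macro settings do not help here, one signal defenders can watch for is the relationship the advisory describes: MSDT started by a calling application such as Word. The following is an added example, not code from this article or from Microsoft; it walks process ancestry in constructed process-creation events and assumes the standard binary names (`msdt.exe`, `winword.exe`, and so on) and a simple pid/ppid event shape with no PID reuse.

```python
import ntpath

# Assumption: standard Windows/Office executable names (not taken from the article).
MSDT_IMAGE = "msdt.exe"
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events (not real telemetry): pid, parent pid, image path.
OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    # Word starts MSDT directly.
    {"pid": 210, "ppid": 100, "image": OFFICE_DIR + r"\WINWORD.EXE"},
    {"pid": 305, "ppid": 210, "image": r"C:\Windows\System32\msdt.exe"},
    # MSDT started from the shell: no Office ancestor, should not alert.
    {"pid": 410, "ppid": 100, "image": r"C:\Windows\System32\msdt.exe"},
    # Office ancestor further up the tree (Outlook -> Word -> cmd -> MSDT).
    {"pid": 500, "ppid": 100, "image": OFFICE_DIR + r"\OUTLOOK.EXE"},
    {"pid": 510, "ppid": 500, "image": OFFICE_DIR + r"\WINWORD.EXE"},
    {"pid": 520, "ppid": 510, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 530, "ppid": 520, "image": r"C:\Windows\System32\msdt.exe"},
]


def image_name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()


def find_office_spawned_msdt(events):
    """Return (msdt_pid, nearest_office_ancestor, depth) for every msdt.exe
    process that has an Office application anywhere in its ancestry."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        if image_name(event["image"]) != MSDT_IMAGE:
            continue
        seen, depth = {event["pid"]}, 0
        current = by_pid.get(event["ppid"])
        while current and current["pid"] not in seen:  # guard against loops
            depth += 1
            name = image_name(current["image"])
            if name in OFFICE_IMAGES:
                findings.append((event["pid"], name, depth))
                break
            seen.add(current["pid"])
            current = by_pid.get(current["ppid"])
    return findings


if __name__ == "__main__":
    for pid, ancestor, depth in find_office_spawned_msdt(SAMPLE_EVENTS):
        print(f"ALERT msdt.exe pid={pid} ancestor={ancestor} depth={depth}")
```
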

Everything gets even more interesting because Beaumont noticed an invitation to an interview with Sputnik Radio that is supposed to work as bait and target Russian users.

Researchers have confirmed that exploitation works against multiple versions of Microsoft Office:

  • Office Pro Plus,
  • Office 2013,
  • Office 2016,
  • Office 2019,
  • Office 2021.

Microsoft also stated that this vulnerability affects the following Windows operating systems:

  • Windows 7,
  • Windows 8.1,
  • Windows 10,
  • Windows 11,
  • Windows Server 2008,
  • Windows Server 2012,
  • Windows Server 2016,
  • Windows Server 2019,
  • Windows Server 2022.

Nonetheless, if you update your system regularly, you should be safe. New Defender updates should detect and block files associated with this vulnerability. Still, to be safe, it’s good to check Microsoft’s guidance on this remote code execution vulnerability, which includes workarounds (Microsoft guidance).

Various cybersecurity firms have published an analysis of the exploit:

  • Huntress,
  • Malwarebytes,
  • Sophos.

Proof-of-concept (PoC) exploits can also be found online.

About the author

Magic

Hi! I’m Magic,

Software, hardware, and test engineer with experience of 25+ years in military systems.

During years of work on multiple projects, I noticed that most people struggle with technical questions, and sometimes finding correct answers is impossible on the congested internet.
Therefore, I started providing my experience online by researching products and services to help everybody who seeks my help.

Would you be interested in learning more about my VPN services and security findings? If yes, please continue reading, and I thank you if you find it helpful and wish to support me by following one of the links.