CISAnalysis - June 20, 2022

Jun 20, 2022

It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.

The only new addition to the list is the Follina zero-day vulnerability, CVE-2022-30190, but it's a doozy, as we are all well aware.

Follina is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that can be exploited through a malicious MS Office document. Exploitation relies on malicious email attachments and social engineering. A successful exploit allows an attacker to run arbitrary code with the privileges of the calling application – install programs; view, modify and destroy data; etc.

Although Follina has been actively exploited by malicious, state-backed actors such as the Chinese APT actor TA413, Microsoft has continually downplayed the vulnerability's severity. Many of the observed exploit attempts have targeted EU and US government workers.

How Does It Work?

A malicious document attached to some sort of urgent-sounding email is opened. The document contains a link to a remote HTML file that uses the ms-msdt: MSProtocol URI scheme to execute PowerShell code without directly launching powershell.exe.
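A defender-side check for the two artifacts described above, added here as an illustrative example and not part of the original post: it lists remote OLE object targets declared in a .docx relationships file (the mechanism by which the document links to the external HTML) and flags any ms-msdt: scheme in the retrieved HTML. The sample document and HTML stub are constructed inside the code, and attacker.example is a placeholder host.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_PATH = "word/_rels/document.xml.rels"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
PKG_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# The ms-msdt: URI scheme (case-insensitive); ordinary documents and web pages
# have no reason to reference the diagnostic tool handler at all.
MSDT_SCHEME = re.compile(r"ms-msdt:", re.IGNORECASE)


def external_ole_targets(docx_bytes: bytes) -> list[str]:
    """Return remote OLE object targets declared in a .docx relationships file.
    A Word file that loads an OLE object from a URL is the delivery vehicle
    described for CVE-2022-30190; legitimate documents rarely do this."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PATH not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(RELS_PATH))
    return [
        rel.get("Target", "")
        for rel in root.iter(f"{PKG_NS}Relationship")
        if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External"
    ]


def references_msdt(html: str) -> bool:
    """True if the fetched HTML tries to invoke the ms-msdt: protocol handler."""
    return MSDT_SCHEME.search(html) is not None


def build_sample_docx(target: str) -> bytes:
    """Constructed minimal .docx with one external oleObject relationship (test data only)."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="{target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(RELS_PATH, rels)
    return buf.getvalue()


# Constructed stand-in for the remote HTML page; only the scheme prefix matters here.
SAMPLE_HTML = "<script>window.location.href = 'ms-msdt:/id PLACEHOLDER-NOT-A-REAL-PAYLOAD';</script>"
SAMPLE_DOCX = build_sample_docx("http://attacker.example/index.html")
```

Run the two functions over quarantined attachments and their fetched HTML; a hit on either is a strong indicator worth escalating rather than a hard verdict.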

Mitigation

A patch for CVE-2022-30190 was released with Microsoft’s June 2022 cumulative Windows Updates. While the update doesn’t prevent msdt.exe from automatically spawning, it does prevent PowerShell injection.

Though Microsoft is downplaying Follina, it's important to make sure your systems are patched, as this vulnerability is being actively exploited in the wild. We would be happy to assist you in deploying the updates in your environment.

Written by

Kent Weigle
