Pricing
Contact
Login
Start Free Trial
Back

CISAnalysis - June 20, 2022

Jun 20, 2022

It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.

The only new addition to the list is the Follina Zero-Day Vulnerability, CVE-2022-30190, but it’s a doozy as we are all well-aware.

Follina is a remote code execution vulnerability within the Microsoft Windows Support Diagnostic Tool that can be exploited through a malicious MS Office document. The method of exploitation for this vulnerability involves malicious email attachments and social engineering. A successful exploitation allows an attack to run arbitrary code with the privileges of the calling application – install programs, view, modify and destroy data, etc.

Although Follina has been actively exploited by malicious, state-backed actors like Chinese APT actor TA413, Microsoft has continually downplayed the vulnerability’s severity. Many exploit attempts have been noted to have targeted EU and US government workers.

How Does It Work?

A malicious document attached to some sort of urgent sounding email is opened. This infected file contains a link to an HTML file that uses the ms-msdt MSProtocol URI scheme to execute PowerShell code without directly launching powershell.exe.

Mitigation

A patch for CVE-2022-30190 was released with Microsoft’s June 2022 cumulative Windows Updates. While the update doesn’t prevent msdt.exe from automatically spawning, it does prevent PowerShell injection.

Though Microsoft is downplaying Follina, It's important to make sure your systems are patched as this vulnerability is being actively exploited in the wild. We would be happy to assist you in deploying the updates in your environment. Click here to get started.

 

In this week's CISAnalysis, we look at the only vulnerability added to the Known Exploited Vulnerabilities Catalog: the notorious Follina zero-day.

users/photos/ckzu2qthc003w0jnd2nqodctm.jpg

Written by

Kent Weigle

Recent Posts

  • 1

    Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)

    j00sean (https://twitter.com/j00sean) July 11, 2023
  • 2

    CVE-2021-38294: Apache Storm Nimbus Command Injection

    Zeyad Abdelazim June 20, 2023
  • 3

    CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization

    Mohammad Hussam Alzeyyat June 19, 2023
  • 4

    Have you missed them? The new reports feature is here!

    Noa Machter May 14, 2023
  • 5

    CVE-2021-45456 Apache Kylin RCE Exploit

    Mohammad Hussam Alzeyyat April 30, 2023

Related Posts

By alchemist 314
Sep 24, 2023

By David Parkinson Frost
Sep 22, 2023

David and Bob Query Get High

By hernan krause
Sep 21, 2023

last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 14-day trial
Start Free Trial!

Have questions?

By submitting this form, you agree to be contacted about vRx and other Vicarius products.

Vicarius develops an autonomous vulnerability remediation platform to help security teams protect their assets against software exploitation. Consolidating vulnerability assessment, prioritization, and remediation, Vicarius strengthens cyber hygiene and proactively reduces risk.
We're hiring!

Support

support@vicarius.io

Sales

sales@vicarius.io

Marketing

info@vicarius.io
Product
Product Overview
Vulnerability Management
Patch Management
Patchless Protection
Auto Actions
Reporting
Network Scanner
xTags
0-Day Detection
Solution
Solution Overview
Case Studies
Knowledge
Research Center
Apps & OS Patch Catalog
Videos
Articles
Docs
Company
About
Investors
Partners
Trust
Careers
Pricing
Pricing
Compare
vRx vs. Automox
vRx vs. ManageEngine
vRx vs. Rapid7
vRx vs. Tenable
vRx vs. Tanium
vRx vs. RMMs
vRx vs. Vulcan
vRx vs. PDQ
vRx vs. Qualys
vRx vs. SentinelOne
vRx vs. BigFix

Copyright © Vicarius. All rights reserved 2022. Privacy Policy and Terms of Use