Jun 20, 2022
It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.
The only new addition to the list is the Follina Zero-Day Vulnerability, CVE-2022-30190, but it’s a doozy, as we are all well aware.
Follina is a remote code execution vulnerability within the Microsoft Windows Support Diagnostic Tool that can be exploited through a malicious MS Office document. The method of exploitation for this vulnerability involves malicious email attachments and social engineering. A successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application – install programs, view, modify and destroy data, etc.
Although Follina has been actively exploited by malicious, state-backed actors like Chinese APT actor TA413, Microsoft has continually downplayed the vulnerability’s severity. Many exploit attempts have been noted to have targeted EU and US government workers.
A malicious document attached to some sort of urgent-sounding email is opened. This infected file contains a link to an HTML file that uses the ms-msdt MSProtocol URI scheme to execute PowerShell code without directly launching powershell.exe.
A patch for CVE-2022-30190 was released with Microsoft’s June 2022 cumulative Windows Updates. While the update doesn’t prevent msdt.exe from automatically spawning, it does prevent PowerShell injection.
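Because msdt.exe can still spawn after the update, process-creation telemetry remains a useful place to look for this chain. The following Python triage function is an added example, not code from the original post: it flags events where msdt.exe is started by an Office application or where the ms-msdt URI appears on the command line. The Sysmon-style field names (Image, ParentImage, CommandLine), the list of Office parent processes, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed list of Office binaries that can open the document; extend for your estate.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def follina_signals(event):
    """Return the reasons a process-creation event matches the Follina chain."""
    # ntpath parses Windows paths correctly even when this runs on Linux/macOS.
    image = ntpath.basename(event.get("Image", "")).lower()
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    cmdline = event.get("CommandLine", "").lower()
    reasons = []
    if image == "msdt.exe" and parent in OFFICE_PARENTS:
        reasons.append("msdt.exe spawned by Office application")
    if "ms-msdt:" in cmdline:
        reasons.append("ms-msdt URI in command line")
    return reasons


def triage(events):
    """Return (event, reasons) pairs for every event with at least one signal."""
    return [(e, r) for e in events if (r := follina_signals(e))]


# Constructed sample events (not real telemetry); URI arguments deliberately elided.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Windows\System32\msdt.exe" ms-msdt:<arguments elided>'},
    {"Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\msdt.exe"'},
    {"Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "CommandLine": r'"C:\Windows\System32\msdt.exe"'},
]

if __name__ == "__main__":
    for event, reasons in triage(SAMPLE_EVENTS):
        print(event["ParentImage"], "->", event["Image"], "|", "; ".join(reasons))
```

The parent-child check is the one that survives the patch, since it does not depend on the injected arguments.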
Though Microsoft is downplaying Follina, it's important to make sure your systems are patched as this vulnerability is being actively exploited in the wild. We would be happy to assist you in deploying the updates in your environment. Click here to get started.