June 2, 2022
New Zero-Day Vulnerability Affecting Microsoft Products
On May 30, Microsoft reported a zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT). Dubbed “Follina,” this vulnerability could be exploited by an attacker to execute arbitrary code on a Windows system using the MSDT URL protocol via Microsoft Office applications (such as Microsoft Word). Microsoft is reporting that an attacker who successfully exploits this vulnerability could install unauthorized programs, impact data, or conduct other unauthorized activity on an impacted system, including running arbitrary code.
At this time, no patch is available for this vulnerability. Microsoft has provided workarounds for this issue, listed in the link below. In short, the workaround uses the Windows registry to disable the MSDT URL protocol. For people and organizations using Microsoft Defender products for antivirus, Microsoft also provides additional guidance in the same article: https://msrc.microsoft.com/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
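The registry workaround described above, as an added example script (not code from this post or from Microsoft): it backs up the `ms-msdt` protocol handler key under `HKEY_CLASSES_ROOT`, deletes it, and confirms the handler is gone. It assumes an elevated PowerShell session; the backup directory `C:\RegistryBackups` is a hypothetical location.

```powershell
# Added example: disable the MSDT URL protocol with a restorable backup.
# Run from an elevated PowerShell session.
$KeyPath   = 'HKEY_CLASSES_ROOT\ms-msdt'   # MSDT URL protocol handler registration
$BackupDir = 'C:\RegistryBackups'          # assumed location, change as needed
$BackupFile = Join-Path $BackupDir `
    ("ms-msdt_{0}_{1:yyyyMMdd-HHmmss}.reg" -f $env:COMPUTERNAME, (Get-Date))

function Test-MsdtHandler {
    # True while the ms-msdt protocol handler key is still registered
    Test-Path -Path "Registry::$KeyPath"
}

if (-not (Test-MsdtHandler)) {
    Write-Output 'ms-msdt protocol handler is not registered; nothing to do.'
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Back up the key first so the change can be reverted later
& reg.exe export $KeyPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
    throw "Backup of $KeyPath failed; the key was left unchanged."
}

# 2. Delete the handler key, which disables the MSDT URL protocol
& reg.exe delete $KeyPath /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not delete $KeyPath (is this session elevated?)."
}

# 3. Verify the result instead of trusting the exit code alone
if (Test-MsdtHandler) {
    throw "$KeyPath is still present after deletion."
}

Write-Output "MSDT URL protocol disabled. Backup saved to $BackupFile"
Write-Output "To revert: reg import `"$BackupFile`""
```

Keep the exported `.reg` file; importing it restores the handler if the workaround needs to be undone.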
As always, testing is important! Consider working with your technical resources to test system changes before rolling them out to your whole organization.
We are also seeing that many antivirus vendors are pushing antivirus definition updates that can detect and block exploitation of this vulnerability. Organizations may want to check with their antivirus vendors to understand any recommended actions specific to their product.
Authored by: David Bentley, CISSP