Warning of zero-day vulnerability "Follina" in Microsoft Office
by Tina Siering
Microsoft Office users are currently threatened by a vulnerability (CVSS score: 7.8) in the Microsoft Support Diagnostic Tool (MSDT) that is classified as critical. The vulnerability, listed as CVE-2022-30190 and also called "Follina", allows PowerShell code to be executed when a malware-tainted Word document is opened. Attackers can then install programs and view, modify or delete files.
Microsoft Office versions 2013, 2016, 2019 and 2021, as well as Office Pro Plus and Office 365, are affected by the vulnerability. Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warn that the vulnerability is already being actively exploited. Given the intensive media coverage and the exploits that have already been published, the number of attacks exploiting the vulnerability can be expected to increase.
Recommended Action:
Currently, there is no patch available from the manufacturer. However, Microsoft has published an official workaround at the following link and recommends that system administrators temporarily disable the MSDT URL protocol handler: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/.
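One way to script the workaround on a Windows host is shown below. This is an added example, not part of the original advisory and not Microsoft's own script. The handler is registered under HKEY_CLASSES_ROOT\ms-msdt; the backup file path is an assumption and should be adapted to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: back up and remove the ms-msdt URL protocol handler registration.
# $BackupFile is an assumed location; pick one that suits your environment.
param(
    [string]$BackupFile = "$env:SystemDrive\ms-msdt-backup.reg"
)

$Key         = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyProvider = "Registry::$Key"

# Nothing to do if the handler is already absent (for example, removed earlier).
if (-not (Test-Path -LiteralPath $KeyProvider)) {
    Write-Output "ms-msdt handler is not registered; nothing to do."
    return
}

# Export first so the handler can be restored later.
& reg.exe export $Key $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
    throw "Backup to $BackupFile failed; handler left unchanged."
}

# Remove the handler registration, then verify that it is really gone.
& reg.exe delete $Key /f | Out-Null
if (Test-Path -LiteralPath $KeyProvider) {
    throw "ms-msdt handler is still registered after the delete attempt."
}

Write-Output "ms-msdt handler removed. Restore later with: reg import `"$BackupFile`""
```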
Allgeier secion customers with an active Managed Service contract for Active Cyber Defense (ACD) will of course be informed separately about malicious communication on their systems.