We will be happy to advise you!

Hotline:
+49 (0) 40 38 90 710

E-mail:
info@secion.de

Contact form

Warning of zero-day vulnerability "Follina" in Microsoft Office

by

Reading time: minutes ( words)
"Follina": Critical security vulnerability in Microsoft Office

Microsoft Office users are currently threatened by a vulnerability (CVSS score: 7.8) in the Microsoft Support Diagnostic Tool (MSDT) that is classified as critical: The vulnerability listed under CVE-2022-30190 - also called "Follina" - allows PowerShell code to be executed when a malware-tainted Word document is opened. This gives attackers permission to install programs, view, modify or delete files.

Microsoft Office versions 2013, 2016, 2019 and 2021, as well as Office Pro Plus and Office 365, are affected by the vulnerability. Microsoft and the U.S. Cybersecurity Information Security Agency (CISA) warn that the vulnerability is already being actively exploited. Due to the intensive media coverage and the already published exploits, it can be assumed that the number of attacks on the vulnerability will increase.

Recommended Action:

Currently, there is no patch available from the manufacturer. However, Microsoft has published an official workaround at the following link and recommends system administrators to temporarily disable the MSDT URL protocol handler: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/.  

Allgeier secion customers with an active Managed Service contract for Active Cyber Defense (ACD) will of course be informed separately about malicious communication on their systems.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back

Related articles

QakBot malware: Warning of increasing attacks

Warning of rising attacks with QakBot malware

For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).

New ransomware trend: Why criminals increasingly rely on intermittent encryption

Intermittent encryption: the new ransomware trend

Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.

secion's assessment of the security threats to companies following the outbreak of the war in Ukraine

How the Ukraine war affects corporate IT security

Due to the war in Ukraine, secion provides an assessment of the threat situation for companies and examines the question of whether increased Russian attacks on companies in Germany, Austria and Switzerland can be identified. There is currently no evidence of an acute increase in the threat posed by Russian state actors in Western Europe, but there is increased public awareness of these cyberattacks. In addition, "third-party actors" are creating a new dynamic.