Warning of zero-day vulnerability "Follina" in Microsoft Office


Reading time: minutes ( words)
"Follina": Critical security vulnerability in Microsoft Office

Microsoft Office users are currently threatened by a vulnerability (CVSS score: 7.8) in the Microsoft Support Diagnostic Tool (MSDT) that is classified as critical: The vulnerability listed under CVE-2022-30190 - also called "Follina" - allows PowerShell code to be executed when a malware-tainted Word document is opened. This gives attackers permission to install programs, view, modify or delete files.

Microsoft Office versions 2013, 2016, 2019 and 2021, as well as Office Pro Plus and Office 365, are affected by the vulnerability. Microsoft and the U.S. Cybersecurity Information Security Agency (CISA) warn that the vulnerability is already being actively exploited. Due to the intensive media coverage and the already published exploits, it can be assumed that the number of attacks on the vulnerability will increase.

Recommended Action:

Currently, there is no patch available from the manufacturer. However, Microsoft has published an official workaround at the following link and recommends system administrators to temporarily disable the MSDT URL protocol handler: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/.  

Allgeier secion customers with an active Managed Service contract for Active Cyber Defense (ACD) will of course be informed separately about malicious communication on their systems.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back