From the moment any data system comes online, it is […]
Of all the threatening hacker groups out there, one of the […]
As we continue our series of articles on state-sponsored cyberattack groups, […]
See how securing your environment with Ntirety’s Comprehensive Compliant Security solution can save you money with our ROI Calculator.
Overview This event technology company provides customers with best-in- class […]
OVERVIEW What started as a niche company to bridge two […]
Michigan Mutual is a mortgage broker founded in 1992 by […]
In this episode, we talk with Tony Scribner of Ntirety, […]
Emil Sayegh is a well established executive in product and […]
Today we’ll be talking about hybrid cloud, security, and Maslow’s […]
Nao Sec, a Japanese security vendor, discovered the flaw and posted a warning on Twitter. The document discovered by Nao Sec used Word’s external link to load the HTML and then used the “ms-msdt” (Microsoft Support Diagnostic Tool) scheme to implement PowerShell code. MSDT is a tool that collects information and sends it to Microsoft Support. The ‘Protected View’ feature in Microsoft Office does prevent exploitation, but if a document is changed to RTF format, it will run without the document being open. The abuse of MSDT is not new as found through the living-off-the-land binaries (LoLBins) technique.
If a bad actor is able to exploit Follina, they will be able to install programs, change, view, or delete data, and create new accounts. Although there aren’t any patches for the vulnerability, Microsoft has released tools to mitigate damage.
Follina currently affects Microsoft 2013 and 2016, as well as the most recent version of Microsoft Office. Please see the below recommendations for mitigations regarding Follina.
How Ntirety is Protecting our Customers:
Microsoft has released workaround guidance to address “Follina”—affecting the MSDT in Windows. An unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability within their applications.
CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.
Ntirety and Microsoft recommend the following workarounds for Follina:
Indicators of Compromise (IoCs):
At this time, there are no known IoCs associated with Follina. Ntirety SOC and threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Ntirety will disclose them as soon as possible. For more information on how Ntirety can help protect your organization, reach out to your Ntirety Customer Success Manager or Technical Account Manager.