It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.
The only new addition to the list is the Follina Zero-Day Vulnerability, CVE-2022-30190, but it’s a doozy as we are all well-aware.
Follina is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that can be exploited through a malicious MS Office document. The method of exploitation for this vulnerability involves malicious email attachments and social engineering. A successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application – install programs; view, modify and destroy data; etc.
Although Follina has been actively exploited by malicious, state-backed actors like Chinese APT actor TA413, Microsoft has continually downplayed the vulnerability’s severity. Many exploit attempts have been noted to have targeted EU and US government workers.
How Does It Work?
A malicious document attached to some sort of urgent-sounding email is opened. This infected file contains a link to an HTML file that uses the ms-msdt MSProtocol URI scheme to execute PowerShell code without directly launching powershell.exe.
A patch for CVE-2022-30190 was released with Microsoft’s June 2022 cumulative Windows Updates. While the update doesn’t prevent msdt.exe from automatically spawning, it does prevent PowerShell injection.
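As an added defensive example (not code from the original post or from Microsoft), the script below turns the two observable parts of the chain described above into checks a SOC could run: it inspects an OOXML document for an external OLE link to an HTML file or any literal use of the ms-msdt: scheme, and it scans process-creation log lines for msdt.exe spawned by an Office application, the behaviour the June 2022 update does not remove. The document packages and the key="value" log format are constructed for the demo and are not a particular product's schema.

```python
"""Detection helpers for the Follina (CVE-2022-30190) chain.
All sample documents and log lines below are constructed demo data."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def scan_office_document(data: bytes) -> list:
    """Return findings for an OOXML package: ms-msdt: URIs anywhere in the
    package, and relationships that pull an OLE object from an external URL."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            blob = z.read(name)
            if b"ms-msdt:" in blob.lower():
                findings.append(f"{name}: contains ms-msdt: URI scheme")
            if name.endswith(".rels"):
                root = ET.fromstring(blob)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if (rel.get("TargetMode") == "External"
                            and rel.get("Type") == OLE_REL_TYPE):
                        findings.append(f"{name}: external OLE object -> "
                                        f"{rel.get('Target')}")
    return findings


def build_sample_docx(rels_xml: str) -> bytes:
    """Construct a minimal in-memory OOXML package (demo data, not a real doc)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# A normal embedded OLE object lives inside the package: no finding expected.
BENIGN_RELS = f"""<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="embeddings/obj1.bin"/>
</Relationships>"""

# Mirrors the chain in the post: the OLE object is fetched from a remote HTML file.
# The host name is a placeholder, not a real indicator.
SUSPICIOUS_RELS = f"""<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}"
    Target="http://example.invalid/page.html!" TargetMode="External"/>
</Relationships>"""

KV = re.compile(r'(\w+)="([^"]*)"')


def detect_msdt_spawn(lines: list) -> list:
    """Flag msdt.exe started by an Office process, and any command line that
    carries the ms-msdt: scheme, over key="value" process-creation events."""
    hits = []
    for line in lines:
        ev = dict(KV.findall(line))
        parent = ev.get("parent_image", "").rsplit("\\", 1)[-1].lower()
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        reasons = []
        if image == "msdt.exe" and parent in OFFICE_PARENTS:
            reasons.append("msdt.exe spawned by Office application")
        if "ms-msdt:" in ev.get("command_line", "").lower():
            reasons.append("ms-msdt: URI scheme in command line")
        if reasons:
            hits.append({"host": ev.get("host"), "parent": parent,
                         "image": image, "reasons": reasons})
    return hits


# Constructed events: one full chain, one legitimate troubleshooter launch from
# explorer.exe, one benign Office child, one Office -> msdt.exe without the scheme.
SAMPLE_EVENTS = [
    'host="ws01" parent_image="C:\\Program Files\\Microsoft Office\\WINWORD.EXE" '
    'image="C:\\Windows\\System32\\msdt.exe" command_line="msdt.exe ms-msdt:/<demo>"',
    'host="ws02" parent_image="C:\\Windows\\explorer.exe" '
    'image="C:\\Windows\\System32\\msdt.exe" command_line="msdt.exe /id NetworkDiagnosticsWeb"',
    'host="ws03" parent_image="C:\\Program Files\\Microsoft Office\\WINWORD.EXE" '
    'image="C:\\Windows\\splwow64.exe" command_line="splwow64.exe"',
    'host="ws04" parent_image="C:\\Program Files\\Microsoft Office\\EXCEL.EXE" '
    'image="C:\\Windows\\System32\\msdt.exe" command_line="msdt.exe"',
]

if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("suspicious", SUSPICIOUS_RELS)):
        print(label, scan_office_document(build_sample_docx(rels)))
    for hit in detect_msdt_spawn(SAMPLE_EVENTS):
        print(hit["host"], hit["parent"], "->", hit["image"], hit["reasons"])
```

The process check deliberately does not key on the patch state: an Office application spawning msdt.exe remains worth a ticket on patched hosts, because the update blocks the code injection but not the spawn itself.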
Though Microsoft is downplaying Follina, it’s important to make sure your systems are patched, as this vulnerability is being actively exploited in the wild. We would be happy to assist you in deploying the updates in your environment. Click here to get started.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.