CVE-2022-30190

Published: 01/06/2022 Updated: 07/06/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.


Vulnerable Products

microsoft windows server 2012 r2
microsoft windows 10 1607
microsoft windows 8.1
microsoft windows server 2016
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows 7
microsoft windows rt 8.1
microsoft windows server 2012
microsoft windows 10
microsoft windows server 2019
microsoft windows 10 1809
microsoft windows 10 20h2
microsoft windows 10 21h1
microsoft windows server 2022
microsoft windows 11
microsoft windows 10 21h2

Mailing Lists

This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code ...
Proof of concept for the remote code execution vulnerability in MSDT known as Follina ...

Github Repositories

Microsoft MSDT Follina Docx generator The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute PowerShell commands within Windows CVE-2022-30190 cve.mitre.org/cgi-bin/cvename.cgi?name=C

CVE-2022-30190 Information and Scripts to remediate and restore functionality for CVE 2022 30190

CVE-20220-30190 On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word An attacker who successfully exploits this vulnerability can run arbitrary code with the privileg

Unofficial-Follina-Mitigation This script is an UNOFFICIAL fix for vulnerability CVE-2022-30190 (Commonly known as Follina) Microsoft has published that a remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word An attacker successfully exploiting this vulnerability can execute arbitrary code with the privil

Follina-CVE-2022-30190-Unofficial-patch- An Unofficial Patch Follina CVE-2022-30190 (patch) by microsoft Guidelines for more details goto : msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ About Program this program creates a backup of [reg file] in Program directory (Make sure you keep it safe for restore

Follina-CVE-2022-30190-Unofficial-patch- An Unofficial Patch Follina CVE-2022-30190 (patch) by microsoft Guidelines for more details goto : msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ Guide Run the at As Administrator Select Patch Then Done =(^_^)=

CVE-2022-30190 This Repository Talks about the Follina MSDT from Defender Perspective Index About Timeline Understanding the Exploit List of IOCs Detection Strategy Testing and Researching Mitigation Plans References About The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group Microsof

follina (POC) All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word This is a very simple POC, feel free to check the sources below for more threat intelligence Usage usage: follina.py [-h] [--command COMMAND] [--ip IP] [--port PORT] [--output OUTPUT] POC for CVE-2022-30190, aka f

CVE-2022-30190 CVE-2022-30190 Follina POC Host exploit.html on localhost, port 80 Open the docx to pop calc To change the remote address the doc points to, open in 7Z and edit word\_rels\document.xml.rels to point to a new location YOU MUST keep the exclamation mark It will literally not run if you omit this from the end of the URL The exploit must contain at least 3541 ch

Follina Proof of Concept (CVE-2022-30190)


MS-MSDT-Office-RCE-Follina CVE-2022-30190 | MS-MSDT Follina One Click Create a Docx file In the Docx file, Insert > Object > Bitmap Image > Ok In the Paint application that launched, save the Paint file Save your Docx file Open your file as an archive (With 7Zip; Right Click > 7Zip > Open Archive) Copy out the Document.xml from \Word\ and

CVE-2022-30190-mass-rce CVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities Exploitation tool written in Python 3 compatible with lists of URLs/IPs For a large number of targets you can increase the number of threads, we don't recommend more than 1024 In order to perform command injection (bash/powershell) replace the "command"

msdt-follina-office CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT


FollinaExtractor Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files usage: extract_follina.py -f C:\path\to\file.rtf

SekiganWare This is a Malware that uses a complex strategy to get into a target's PC and network It uses the current 0-Day and 0-Click Vulnerability CVE-2022-30190 (Follina) to get into a system The Source Code will be public when it's finished to avoid misunderstanding and chaos It will have a detailed description of how it's built and how the strategy works Please be patien

githubRepo for follina vuln CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina

MS-MSDT_Office_RCE_Follina Hello Infosec/IT Admin reader, by the time I'm writing this you've already heard of this new 0-day vulnerability in Microsoft Office (CVE-2022-30190) Basically a remote code execution exists when MSDT - Microsoft Support Diagnostic Tool is called using the URL from application Word Exploit DIY Create word document docx and impo

cve-2022-30190 CVE-2022-30190 remediation via removal of ms-msdt from Windows registry

cve-2022-30190 Aka Follina = benign POC

CVE-2022-30190-POC

follina-CVE-2022-30190 follina zero day vulnerability to help Microsoft to mitigate the attack

CVE-2022-30190 - Microsoft Support Diagnostic Tool About This script will attempt to create a Microsoft Office document which will remotely execute code Setup git clone github.com/joshuavanderpoll/CVE-2022-30190.git cd CVE-2022-30190 python3 CVE-2022-30190.py --help Options usage: CVE-2022-30190.py [-h] [--doc DOC] [--html HTML]

Follina-CVE-2022-30190-PoC-sample Educational Follina PoC Tool Version history v1.0 — Initial release Features RTF payload generator Simple HTTP Server for payload Mitigation tips Configuration extractor Easy to use for learning PoC Exploit Executed Successfully

Follina Web Server Simple PowerShell web server to assist in POC Follina testing by popping calc When running, by default URL can be accessed via: localhost:8081/payload.html References: github.com/JMousqueton/PoC-CVE-2022-30190 - Good resource on creating your own POC community.idera.com/database-tools/powershell/powertips/b/tips/posts/creating-powershe

CVE-2022-30190-follina Just another PoC for the new MSDT-Exploit

CVE-2022-30190 CVE-2022-30190 Follina POC Host exploit.html on localhost Open the docx to pop calc To change the remote address the doc points to, open in 7Z and edit word\_rels\document.xml.rels to point to a new location The exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag There is about 6000 or so inclu


FollinaScanner A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) Compiling git clone github.com/ErrorNoInternet/FollinaScanner cd FollinaScanner go build Running # Scan the current directory ./follina-scanner -R # Scan a specific file ./follina-scanner amogus.docx

CVE-2022-30190-NSIS An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft

The MSDT Protocol Disabler is a tool that disables the MSDT protocol (ms-msdt://) It is a simple patch tool for patching the zero-day CVE-2022-30190 or Follina vulnerability Until this vulnerability gets patched, use this tool to disable the MSDT protocol A backup reg file will be saved to your user folder in case you want to re-enable the protocol

Windows-0-Day-Automated-fix Fix CVE-2022-30190 MAKE SURE TO RUN AS ADMINISTRATOR

Follina - CVE-2022-30190 Follina is a zero day allowing code execution in Office products Installation git clone github.com/WesyHub/CVE-2022-30190---Follina---Poc-Exploit.git Usage Example : python3 FollinaSploit.py -c calc -o poc.docx -p 80 Please make sure to send the doc or rtf file to the target Tested on Office 2019 License

CVE-2022-30190-Follina-Patch This is a simple program allows you to complete the Workarounds temporary Patch at once instead of typing in cmd (Addressed to specific people) Requires you to run it as an administrator 6/2/2022 Images The exe file Manually Run Command Prompt as Administrator To back up the registry key, execute the command reg export HKEY_CLASSES_ROOT\ms-msdt

msdt-follina-office-rce CVE-2022-30190

Follina zero day office exploit patch for Windows 10 Patch for the Follina zero day exploit currently affecting MS Office This patch works on Windows 10, I have not tested it on previous versions of Windows The exploit this is patching DOES affect earlier versions of Windows (Both Desktop and Server) so be careful Patch Notes/Instructions (CVE-2022-30190 - disable the Previe

ProductionFollinaWorkaround Work around for Follina vulnerability + documentation on my process CVE-2022-30190 "Follina" is a Windows exploit that allows an adversary to perform remote code execution via the built-in Microsoft Diagnostic Tool (msdt) As of now, there is no official patch, but there are workarounds The option I ended up employing was the Microsoft rec

CVE-2022-30190 Temporary Fix (Source Code) These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina) Both can be programmed better, but this is just to implement it as quickly as possible and I did it with not much knowledge of Python, but the important thing is, it works! Hehe What do these files do?: Step by s

CVE-2022-30190 Temporary Fix These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina) Both can be programmed better, but this is just to implement it as quickly as possible and I did it with not much knowledge of Python, but the important thing is, it works! Hehe What do these 'exe' files do?: St

follina-CVE-2022-30190

CVE-2022-30190


MSDT_CVE-2022-30190-follina-

Follina Notes related to CVE-2022-30190 FOLLINA: CVE-2022-30190 Uses Microsoft Support Diagnostic Tool (MSDT) Exploits diagnostic window opened for Diagnosis and when executed properly, gives reverse shell to attacker Github: (a) github.com/JohnHammond/msdt-follina (b) github.com/chvancooten/follina.py Thanks to: (a) @_johnhammond (b) @networkchuck

Deathnote Proof of Concept of CVE-2022-30190

Follina_Exploiter_CLI Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)

POC-msdt-follina OK, as you know, or don't know, the CVE-2022-30190 vulnerability can be described like this: an attacker makes some MS Office file, puts inside its structure some link (html), and with the help of that, he manages to run malicious code OLE object (word/_rels/document.xml.rels) Data that he puts inside may describe a link in the tags with attributes "TYPE=&quo

dogwalk A pure python implementation of microsoft-diagcab-rce-poc from Imre Rad After the recent CVE-2022-30190 (aka Follina) came out, a previously reported vulnerability on MSDT, the tool used for the Follina exploit, resurfaced This vulnerability was reported to Microsoft in January 2020 by Imre Rad Microsoft had deemed this as being not a security issue This repository

Folina-CVE-2022-30190-POC-

MS-MSDT-Proactive-remediation Uses Intune Proactive remediations to detect and Move the MS-MSDT class, this is to address the CVE-2022-30190 (Follina) Vulnerability Intune Proactive Remediations This gives you some reporting on the current status of machines unchecked or having the issues remediated by these scripts Location to create a script package: From Intune > Reports

I've quickly created a batch solution for the CVE-2022-30190 Vulnerability It's a PowerShell script, which goes through a list of hostnames, and deletes the registry key associated with the CVE-2022-30190 Vulnerability

mitigate-folina Mitigates the "Folina"-ZeroDay (CVE-2022-30190) This script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190 If parameterized with "-revert" the script will reimport the key This can be used when Microsoft releases a patch

DisableMS-MSDT Purpose: To have a downloadable PowerShell Script created to disable the MSDT URL protocol Use Cases A system administrator needs a PowerShell script that can be uploaded into an MDM to mitigate the vulnerability in Windows computers A security conscious person wants a quick way to run a PowerShell script to disable MSDT until a patch is released by Microsoft on

follina_cve_2022-30190 A proof of concept to CVE-2022-30190 (follina) usage: exploit.py [-h] [-u HOST_IP] [-p PORT] [-o OFILE] [-m {server, create}] [-s {script | script_file.ps1}] [-r HOST_IP:PORT] Follina Exploitation Toolkit options: -h, --help show this help message and exit -u HOST_IP, --host HOST_IP host ip addre

POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina Info : New Microsoft Office zero-day used in attacks to execute PowerShell Summary On the 29th of May 2022, the Nao_Sec team, an independent Cyber Security Research Team, discovered a malicious Office document shared on VirusTotal This document is using an unusual, but known scheme to infect its victims The scheme

MSDT_CVE-2022-30190 This Repository Talks about the Follina MSDT from Defender Perspective Index About Timeline Understanding the Exploit List of IOCs Detection Strategy Testing and Researching Mitigation Plans References About The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group Mic

CVE-2022-30190 Microsoft Office Word RCE reproduction (CVE-2022-30190) Vulnerability overview: MS Office docx files may contain external OLE object references in the form of HTML files. There is an HTML scenario in which ms-msdt: invokes the msdt diagnostic tool, which is able to execute arbitrary code (specified in the parameters). The result is a frightening attack vector that obtains RCE by opening a malicious docx file (without using macros). Getting started

MS-MSDT Follina CVE-2022-30190 PoC Malicious docx generator to exploit (Microsoft Office Word Remote Code Execution) Creation of this Script is based on CVE-2021-40444 PoC by LockedByte and writeup by Tothi Using First modify backup.html and replace powershell payload Right now just pops a calc.exe using IEX('calc.exe') python3 exploit.py generate <SR



Follina, the Microsoft Office vulnerability CVE-2022-30190 Follina is a zero-day vulnerability that arises when MSDT (Microsoft Support Diagnostic Tool) is called using the URL protocol from an application such as, for example, Microsoft Office Word By exploiting this vulnerability, a malicious actor can execute remote code (RCE) with the

ms-msdt this CI removes the registry key HKEY_CLASSES_ROOT\ms-msdt, described in CVE-2022-30190

CVE-2022-30190-mass CVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities

CVE-2022-30190 MSDT 0-Day Mass Exploitation Tool


Follina-Remediation Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina)

note-- adding support for the rtf file extension 0 click vulnerability soon MSDT-Exploit Exploitation of MSDT for Backdoor Access through doc files using CVE-2022-30190 This Program allows you to generate Malicious Word Documents giving you RCE Usage Git Clone or Download this directory into a folder In the folder, open doc-exploit.py and navigate to the 'Data'

Possibly useful links Windows vulnerability Videos let's play with a ZERO-DAY vulnerability "follina" Exploiting MSDT 0-Day CVE-2022-30190 Additional information CVE-2022-30190 Detail Additional information about CVE-2022-30190 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Insta

Follina-workaround-automation This is a workaround that should secure machines from the Follina zero-day exploit (According to Microsoft's documentation) msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ This script will make a new hidden dir on the C:/ drive, that should have a backup of the regkey tha

FollinaReg This is a simple python script to automate collection of artifacts for Follina (CVE-2022-30190) vulnerability on Windows workstations The script expects a list of computers and checks registry keys for each user on each computer on the list Each domain is scanned using VirusTotal and urlscan.io APIs The results (URLs and VirusTotal scans) are stored in a file How

CVE-2022-30190-MASS-RCE MSDT 0-Day Mass Exploitation Tool



Guide to remediating the CVE-2022-30190 Microsoft Support Diagnostic Tool (MSDT) vulnerability Step 1: the user downloads the file MSDT_FIX.rar to the computer and extracts it as follows: select the MSDT_FIX.rar file, right-click and choose Extract Here (as shown) Step 2: The user selects the fil

Follina-Workaround-CVE-2022-30190-

CVE-2022-30190-Analysis-With-LetsDefends-Lab On 27 May 2022, the Nao_Sec technical team tried to analyse and found a document in doc format that appeared malicious The document was indicated to have been uploaded from an IP address in Belarus This suspicion was then investigated further, and on 30 May 2022, a Monday, Microsoft announced

NOTE This repo was used for a school project! All credits: github.com/ItsNee/Folina-CVE-2022-30190-POC USAGE Use smartlearn.ch run python3 exploit.py -u "19216821041:1337/pwn.html"

MS-URI-Handlers Note: The information below was tested from my personal computer Values may be different from your own computer For the past year, I've been spending some time investigating how URI protocols are treated and potential vectors of abuse With CVE-2021-40444 and the most recent CVE-2022-30190 (Follina), it still seems that there is research that needs to be d

Documenting recent threats with mitigations/fixes/patch notes for the Windows SysAdmin These threats may include bugs/exploits/0-days/CVEs Useful CVE Websites: cve.mitre.org/ www.nist.gov/ any.run/ Recent CVE Examples: Follina - CVE-2022-30190 Print Nightmare - CVE-2021-34527


CVE-2022-30190 MS-MSDT with Follina Attack Vector Deniz Koc | June 9, 2022 On May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. It is basically a remote code execution technique used through MSDT and an MS Office program, namely Microsoft Word This attack takes place using malicious Word documents that

Popular vulnerabilities of the first half of 2022 Note: the following vulnerabilities cover only high-risk and critical vulnerabilities for which a POC or details have been made public. Thanks to @bugkidz of the 棱角社区 community for compiling this; original link: forum.ywhack.com/thread-200821-1-1.html PDF download: oss.ywhack.com/%E5%85%AC%E5%BC%80%E8%B5%84%E6%96%99/2022%E4%B8%8A%E5%8D%8A%E5%B9%B4%E7%83%AD%E9%97%A8%E6%BC%8F%E6%B4%9E.pdf First half of 2022

Recent Articles

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Threatpost • Elizabeth Montalbano • 23 Jun 2022

Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers.
The attacks by the Russia-linked APT are tied to the Russia and Ukraine war, according to researchers at Malwarebytes Threat Intelligence. They report that Fancy Bear is pushing malicious documents weaponized with the exploit for Follina ...

Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
BleepingComputer • Bill Toulas • 21 Jun 2022

The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons.
The APT28 hacking group is believed to be sending emails containing a malicious document named "Nuclear Terrorism A Very Real Threat.rtf.". The threat actors selected the topic of this email to entice recipients to open it, exploiting the fear that's spread amo...

Russian hackers start targeting Ukraine with Follina exploits
BleepingComputer • Bill Toulas • 13 Jun 2022

Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.
The security issue can be triggered by either
 and threat actors have been exploiting it in attacks since at least April 2022.
It is worth noting that Ukraine's agency assesses with medium confidence that behind the ...

Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan Yuvaraj Megavarnadu • 08 Jun 2022

Symantec has observed threat actors exploiting remote code execution flaw to drop AsyncRAT and information stealer.

Symantec, a division of Broadcom Software, has observed threat actors exploiting the remote code execution (RCE) vulnerability known as Follina to drop malware onto vulnerable systems just days after the f...

Follina Exploited by State-Sponsored Hackers
Threatpost • Nate Nelson • 07 Jun 2022

Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.
Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify....

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
Securelist • AMR • 06 Jun 2022

At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the document containing the exploit, or open it in Protected Mode. The vulnerability, which the researchers dubbed Follina, later received the identifier CVE-2022-30190.
CVE-2022-30190 technical detai...

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threatpost • Elizabeth Montalbano • 01 Jun 2022

Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said.
The remote control execution (RCE) flaw, tracked as CVE-2022-30190, is associated with the Microsoft Support Diagnostic Tool (MSDT), which, ironically, itself collects information about bugs in the company’s products and reports to Microsoft Support.
If successfully exploited, attackers can ins...

Windows MSDT zero-day now exploited by Chinese APT hackers
BleepingComputer • Sergiu Gatlan • 31 May 2022

Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems.
This Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw (tracked as CVE-2022-30190) impacts all Windows client and server platforms still receiving security updates (Windows 7 or later and Windows Server 2008 or later).
Shadow Chaser Group's crazyman, the researcher who first reported the zero-d...

Now Windows Follina zero-day exploited to infect PCs with Qbot
The Register • Jeff Burt

Data-stealing malware also paired with Black Basta ransomware gang

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.
The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.
This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a ...

Symantec: More malware operators moving in to exploit Follina
The Register • Jeff Burt

Meanwhile Microsoft still hasn't patched the fatal flaw

While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.
Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.
In the meantime, reports of active exploits of the flaw continue to sur...

Windows zero-day exploited in US local govt phishing attacks
BleepingComputer • Sergiu Gatlan

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina.
BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.
"Proofpoint blocked a suspected state aligned phishing campaign targeting less than 10 Proofpoint customers (European gov & local US gov) attempt...

Microsoft shares mitigation for Office zero-day exploited in attacks
BleepingComputer • Sergiu Gatlan

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.
The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.
Microsoft is now tracking it as CVE-2022-30190. The flaw impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).

Windows MSDT zero-day vulnerability gets free unofficial patch
BleepingComputer • Sergiu Gatlan

A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.'
The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw, impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).
Attackers who successfully exploit this zero-day can execute arbi...

Microsoft fixes under-attack Windows zero-day Follina
The Register • Jessica Lyons Hardcastle

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word do...