Follina Vulnerability – What is it?

June 5, 2022
Microsoft disclosed a Remote Code Execution (RCE) flaw, known as “Follina”, in the Microsoft Support Diagnostic Tool (MSDT). An attacker can exploit it by sending a URL to a vulnerable workstation. Successful exploitation allows the attacker to install software, read or alter data, and create new accounts with the victim's user rights.

The Follina vulnerability is dangerous because it is easy to exploit and execute: all that is necessary is an Office or RTF file containing a hyperlink to a site that distributes the malicious payload.

Office documents are currently only one of the numerous available entry points. It is possible to open a malicious document using the Windows Diagnostic Engine after loading an HTML file with web scripting commands such as Wget or Curl.

Returning to the malicious document (the vector that affects the larger audience), the operation is quite ingenious. The malicious payload tied to the file is executed either when the file is opened or when Windows Explorer previews it.

According to Microsoft, this vulnerability has been exploited in the wild and might allow an unauthenticated, remote attacker to take control of a susceptible system. The proof-of-concept code for the Follina vulnerability is available online and is incorporated into typical exploitation frameworks and tools.

Microsoft has stated that Protected View will protect users from these attacks, even though no fix has been offered. Researchers observed that Protected View is bypassed if the attacker delivers the exploit as an RTF file and the file is previewed in Explorer.

Microsoft and the cybersecurity community have devised workarounds and mitigation strategies despite the absence of official updates. Although security companies have enhanced their solutions to detect attacks, additional exploitation attempts are expected as more vulnerability information and proof-of-concept exploits become widely known.

The exploit is compatible with Office Pro Plus, Office 2013, Office 2016, Office 2019, and Office 2021, but there is evidence that Microsoft was working on a solution prior to its release. Numerous files that exploit the Follina Vulnerability have been discovered in the wild. Exploitation appears to have begun in April, with users in India and Russia being targeted by extortion and interview requests.

Users should consistently observe the following:

1. Never open a file sent by an unknown sender.

2. Unless absolutely necessary, do not disable Protected View for documents downloaded from the internet or received via email.

3. Do not open .rtf files downloaded from the internet, not even in preview mode.
