Microsoft disclosed a Remote Code Execution (RCE) flaw in the Microsoft Support Diagnostic Tool (MSDT), which allows an attacker to exploit “Follina” by sending a URL to a vulnerable workstation. Successful exploitation allows the hacker to install software, read or alter data, and create new accounts using the user rights of the victim.
The Follina vulnerability is dangerous due to its ease of exploitation and execution: all that is necessary to exploit it is an Office or RTF file containing a hyperlink to a site that distributes the viral payload.
Office documents are currently only one of the numerous available entry points. It is possible to open a malicious document using the Windows Diagnostic Engine after loading an HTML file with web scripting commands such as Wget or Curl.
Returning to the infected document (which affects a bigger audience), the operation is quite ingenious. Either when the file is opened or when Windows Explorer previews it, the virus load included in the file is executed.
According to Microsoft, this vulnerability has been exploited in the wild and might allow an unauthenticated, remote attacker to take control of a susceptible system. The proof-of-concept code for the Follina vulnerability is available online and is incorporated into typical exploitation frameworks and tools.
Microsoft has stated that Protected View will protect users from these attacks, despite the fact that no remedy has been offered. Researchers observed that Protected View is overcome if the hacker provides the vulnerability as an RTF file and the preview of the file is seen in Explorer.
Microsoft and the cybersecurity community have devised workarounds and mitigation strategies despite the absence of official upgrades. Although security companies have enhanced their solutions to detect attacks, additional exploitation attempts are expected as more vulnerability information and proof-of-concept exploits become widely known.
The exploit is compatible with Office Pro Plus, Office 2013, Office 2016, Office 2019, and Office 2021, but there is evidence that Microsoft was working on a solution prior to its release. Numerous files that exploit the Follina Vulnerability have been discovered in the wild. Exploitation appears to have begun in April, with users in India and Russia being targeted by extortion and interview requests.
Users should consistently observe the following:
1. Never open a file sent by an unknown sender.
2. Unless absolutely necessary, do not disable protected mode for documents downloaded from the internet or via email.
3. Do not open.rtf files downloaded from the internet, not even in preview mode.
Sign up for CISSP Training immediately.
Call +1 416-471-4545,
Most online transactions begin with identification, which calls for the user to “identify” themselves by supplying a name, email address, phone number, or username. This is the procedure through which someone claims to be a specific individual. However, it may be challenging in an online setting to confirm that a person is providing a legitimate […]Read More
The unique serial number that each interface’s manufacturer assigns to each interface at the manufacturing is known as the MAC Address, or Media Access Control address. To put it another way, it is the unique, global physical identification number assigned to each and every device connected to a network interface, whether wired or wireless. On […]Read More
The process of providing and implementing software updates is known as “patch management.” These fixes are often required to fix software bugs. Operating systems, applications, and embedded systems are typical domains that need patches. A patch may be used to correct a vulnerability that is discovered after a piece of software has been released. By […]Read More