FAQ: Mitigating Microsoft Office's 'Follina' zero-day

Threat Intelligence Team, Malwarebytes (blog.malwarebytes.com)
Published: 2022-06-01 16:36:44
Record: MALWAREBYTES:6AC81D4001C847401760BE111E21585B

CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: REQUIRED; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
  Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code execution vulnerability, 'Follina', that was already being exploited in the wild via malicious Word documents.

Q: What exactly is Follina?

A: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified as CVE-2022-30190. In technical terms it is a Remote Code Execution Vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT).

Q: But what does it mean, and is this a serious vulnerability?

A: An attacker can send you a malicious Office document that will compromise your machine with malware when you open it. It is serious since it is already actively being exploited in the wild and doesn't require users to enable macros.

Q: What is Microsoft doing about it?

A: Microsoft has offered mitigation steps that disable the MSDT URL Protocol. However, users should proceed with caution because of possible conflicts and crashes with existing applications.
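The Microsoft workaround referred to above removes the ms-msdt: URL protocol handler from the registry: the key is exported first so it can be re-imported later, then deleted. The PowerShell below is an added example written for this page, not code from the Malwarebytes post or from Microsoft; it wraps the two reg.exe steps of that published workaround in functions with a state check and an undo path. The backup location in $BackupPath and the function names are assumptions. Run it from an elevated session.

```powershell
# Added example: applies Microsoft's published CVE-2022-30190 workaround
# (export HKCR\ms-msdt, then delete it) and keeps a backup for reverting.
# $BackupPath is an assumed location; adjust to local policy.
$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupPath = Join-Path $env:ProgramData 'ms-msdt-backup.reg'

function Test-MsdtHandlerRegistered {
    # True while the ms-msdt: protocol handler is still present in HKCR,
    # i.e. while Office documents can still reach MSDT through it.
    Test-Path -Path $KeyPath
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerRegistered)) {
        Write-Output 'ms-msdt handler already absent; nothing to do.'
        return
    }
    # Step 1 of the workaround: export the key so the change is reversible.
    # /y overwrites an existing backup file without prompting.
    reg.exe export HKEY_CLASSES_ROOT\ms-msdt $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of HKCR\ms-msdt failed; not deleting the key." }

    # Step 2 of the workaround: remove the protocol handler.
    reg.exe delete HKEY_CLASSES_ROOT\ms-msdt /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Deleting HKCR\ms-msdt failed.' }

    Write-Output "ms-msdt handler removed; backup written to $BackupPath"
}

function Restore-MsdtHandler {
    # Undo step from the same guidance: re-import the exported key.
    if (-not (Test-Path -Path $BackupPath)) { throw "No backup found at $BackupPath" }
    reg.exe import $BackupPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Restoring HKCR\ms-msdt failed.' }
    Write-Output 'ms-msdt handler restored from backup.'
}

Disable-MsdtHandler
# Reports whether the handler is still registered after the change.
Test-MsdtHandlerRegistered
```

Because the post itself warns that disabling the protocol can conflict with existing applications (Windows troubleshooters that rely on MSDT stop launching through ms-msdt: links), the script refuses to delete the key unless the export succeeded, and Restore-MsdtHandler reverts the change once a vendor patch or the updated Anti-Exploit release makes the workaround unnecessary.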

Q: Does Malwarebytes protect against Follina?

A: Yes, it does. Please see additional steps below based on your product to ensure you are protected.

How to add protection with Malwarebytes

We are working on releasing a new version of Anti-Exploit that won't require adding new shields and will provide more holistic protection. For immediate mitigation, please follow the instructions below.

Malwarebytes Premium (Consumer)

Follow the instructions below to add sdiagnhost.exe as a new protected application.

Malwarebytes Nebula (Enterprise)

Follow the instructions below to add sdiagnhost.exe as a new protected application.

The post FAQ: Mitigating Microsoft Office's 'Follina' zero-day appeared first on Malwarebytes Labs.