A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) made headlines over the past few days. CVE-2022-30190, also known under the name “Follina,” exists when MSDT is called using the URL protocol from an application, such as Microsoft Office, Microsoft…

[[ This is only the beginning! Please visit the blog for the complete entry ]]

thn 20

hivepro 5

malwarebytes 7

schneier 1

packetstorm 2

githubexploit 47

prion 1

qualysblog 9

metasploit 1

msrc 4

trellix 10

hackerone 1

mscve 2

cisa 1

rapid7blog 6

nessus 11

openvas 6

cisa_kev 1

threatpost 4

cve 1

kaspersky 2

checkpoint_advisories 1

zdt 1

krebs 1

attackerkb 1

pentestpartners 1

securelist 4

avleonov 2

googleprojectzero 1

mskb 12

ics 1

thn

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

2023-05-12 21:00:00

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

2023-06-09 13:37:00

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

2022-07-09 08:49:00

hivepro

Follina: A zero-day vulnerability in Microsoft Office

2022-06-15 10:13:53

Exploitation of Follina leads to takeover of domain controller

2022-11-04 12:38:02

Woody RAT leverages Follina to target Russia

2022-08-05 18:22:17

malwarebytes

Woody RAT: A new feature-rich malware spotted in the wild

2022-08-03 21:25:52

Woody RAT: A new feature-rich malware spotted in the wild

2022-08-03 21:00:00

FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day

2022-06-01 16:36:44

schneier

Clever — and Exploitable — Windows Zero-Day

2022-06-01 18:25:36

packetstorm

Microsoft Office Word MSDTJS Code Execution

2022-06-07 00:00:00

Microsoft Office MSDT Follina Proof Of Concept

2022-05-31 00:00:00

githubexploit

Exploit for Vulnerability in Microsoft

2022-12-26 10:29:46

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

2022-06-04 19:48:37

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

2023-03-14 07:00:47

prion

Remote code execution

2022-06-01 20:15:00

qualysblog

Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR

2022-06-14 20:52:25

Launching Qualys Cloud Threat Database

2023-02-08 13:50:00

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

2022-10-10 14:32:29

metasploit

Microsoft Office Word MSDTJS

2022-05-30 17:23:18

msrc

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

2022-05-30 07:00:00

CVE-2022-30190 マイクロソフトサポート診断ツールの脆弱性に関するガイダンス

2022-05-30 07:00:00

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

2022-05-30 07:00:00

trellix

Trellix Global Defenders: Follina — Microsoft Office Zero-Day (CVE-2022-30190)

2022-06-03 00:00:00

Beyond File Search: A Novel Method

2023-07-26 00:00:00

Beyond File Search: A Novel Method

2023-07-26 00:00:00

hackerone

Reddit: Unrestricted File Upload on reddit.secure.force.com

2022-06-20 09:10:53

mscve

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-05-30 07:00:00

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-08-09 07:00:00

cisa

Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

2022-05-31 00:00:00

rapid7blog

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

2022-05-31 15:15:16

Metasploit Weekly Wrap-Up

2022-06-10 18:07:05

Metasploit Weekly Wrap-Up

2022-09-02 19:39:21

nessus

The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)

2022-05-31 00:00:00

KB5014743: Windows Server 2008 Security Update (June 2022)

2022-06-14 00:00:00

KB5014742: Windows 7 and Windows Server 2008 R2 Security Update (June 2022)

2022-06-14 00:00:00

openvas

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (Follina)

2022-06-01 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5014748)

2022-06-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5014710)

2022-06-15 00:00:00

cisa_kev

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-06-14 00:00:00

threatpost

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

2022-06-23 12:21:33

Follina Exploited by State-Sponsored Hackers

2022-06-07 12:45:00

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

2022-06-01 10:38:37

cve

CVE-2022-30190

2022-06-01 20:15:00

kaspersky

KLA12549 RCE vulnerability in Microsoft Windows

2022-05-30 00:00:00

KLA12550 RCE vulnerability in Microsoft Products (ESU)

2022-05-30 00:00:00

checkpoint_advisories

Microsoft Support Diagnostic Tool Remote Code Execution (CVE-2022-30190)

2022-06-01 00:00:00

zdt

Microsoft Office Word MSDTJS Code Execution Exploit

2022-06-07 00:00:00

krebs

Microsoft Patch Tuesday, June 2022 Edition

2022-06-15 04:52:30

attackerkb

CVE-2022-30190

2022-06-01 00:00:00

pentestpartners

Follina 0day exploit. Malicious code execution in Office docs

2022-06-01 05:38:30

securelist

IT threat evolution Q2 2022

2022-08-15 12:00:34

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

2022-06-06 08:00:02

IT threat evolution in Q2 2022. Non-mobile statistics

2022-08-15 12:00:43

avleonov

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

2022-06-25 12:32:07

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

2022-08-23 00:00:26

googleprojectzero

2022 0-day In-the-Wild Exploitation…so far

2022-06-30 00:00:00

mskb

June 14, 2022—KB5014748 (Monthly Rollup)

2022-06-14 07:00:00

June 14, 2022—KB5014742 (Security-only update)

2022-06-14 07:00:00

June 14, 2022—KB5014710 (OS Build 10240.19325) - EXPIRED

2022-06-14 07:00:00

ics

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for TALOSBLOG:DE5281D9A4A03E4FA1F2A0B62B527489

thn20 hivepro5 malwarebytes7 schneier1 packetstorm2 githubexploit47 prion1 qualysblog9 metasploit1 msrc4 trellix10 hackerone1 mscve2 cisa1 rapid7blog6 nessus11 openvas6 cisa_kev1 threatpost4 cve1 kaspersky2 checkpoint_advisories1 zdt1 krebs1 attackerkb1 pentestpartners1 securelist4 avleonov2 googleprojectzero1 mskb12 ics1