Follina (security vulnerability)
Follina is the name given to a remote code execution (RCE) vulnerability, a type of arbitrary code execution (ACE) exploit, in the Microsoft Support Diagnostic Tool (MSDT) which was first widely publicized on May 27, 2022, by a security research group called Nao Sec.[1] This exploit allows a remote attacker to use a Microsoft Office document template to execute code via MSDT. This works by exploiting the ability of Microsoft Office document templates to download additional content from a remote server. If the size of the downloaded content is large enough, it causes a buffer overflow allowing a payload of PowerShell code to be executed without explicit notification to the user. On May 30, Microsoft issued CVE-2022-30190[2] with guidance that users should disable MSDT.[3] Malicious actors have been observed exploiting the bug to attack computers in Russia and Belarus since April, and it is believed Chinese state actors had been exploiting it to attack the Tibetan government in exile based in India.[4] Microsoft patched this vulnerability in its June 2022 patches.[5]
CVE identifier(s) | CVE-2022-30190 |
---|---|
Date discovered | Publicly disclosed May 27, 2022 |
Date patched | June 14, 2022 |
Affected software | Microsoft Support Diagnostic Tool |
References
1. Corin Faife (June 1, 2022). "China-linked hackers are exploiting a new vulnerability in Microsoft Office". theverge.com.
2. "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability".
3. MSRC (May 30, 2022). "Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability".
4. Carly Page (June 1, 2022). "China-backed hackers are exploiting unpatched Microsoft zero-day". techcrunch.com.
5. Vijayan, Jai (June 14, 2022). "Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update". Dark Reading. Retrieved June 14, 2022.