• Solutions
    • Managed Services
    • Microsoft 365
    • Microsoft 365 Backup
    • Security Awareness Training
  • Consulting
  • Resources
    • White Papers
  • Blog
  • Contact Us
Ramsey Consulting ServicesRamsey Consulting Services
  • Solutions
    • Managed Services
    • Microsoft 365
    • Microsoft 365 Backup
    • Security Awareness Training
  • Consulting
  • Resources
    • White Papers
  • Blog
  • Contact Us

Microsoft Office RCE Vulnerability ‘Follina’

May 30, 2022 Posted by RCS Content Team Blog

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. This vulnerability is also known as “Follina”. This vulnerability primarily involves Microsoft Office, and could allow an attacker to install malware by sending a specially crafted Office document to a user. The user does not have to open the document for the malicious code in it to run, previewing the document is enough for the exploit to work.

What this means

We expect to see an uptick in the number of malicious emails as attackers move to take advantage of this vulnerability due to several factors:

  • This vulnerability is present in versions of Windows that do not have the June 2022 Cumulative Updates applied, and can be exploited through Microsoft 365, Office 2013 through 2019, Office 2021, and Office ProPlus.
  • It commonly utilizes a file type users commonly work with: Word files (currently .doc, .docx and .rtf files)
  • Threat actors are also using this exploit in malicious HTML content and in malicious URLs sent via email.
  • It allows remote code execution, and the attacker can use it to gain administrative privileges, even if the targeted user does not have them.
  • This exploit works even if Protected Mode is on, and Macros are disabled.
  • The file does not have to be opened by the recipient, simply previewing it is enough for it to execute.

However, this is no cause for panic. There is now a patch available, workarounds exist for machines that cannot be immediately updated, and detections are available via several security products.

Existing Clients (Managed)

Your devices have been patched, no action is needed on your part. Outside of that, as always, remain vigilant when receiving unusual email messages. This is where your training will pay off!

Everyone Else

Exercise caution when receiving email from unknown sources, especially those containing Office attachments, as this has become a popular delivery method. While many of the working exploits have utilized Word or Rich Text Format files, attackers have modified this exploit to utilize other methods, such as malicious URLs and HTML content.

On 6/14/2022, Microsoft patched this vulnerability in the June 2022 Cumulative Updates.

Workaround (for devices that cannot be immediately patched): Microsoft Security Response Center: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

Vigilance on your part will go a long way in mitigating the risk from this new vulnerability. Stay calm, stay sharp.

This post will be updated as new information is available. Last update 6/16/2022.

Share this:

Tags: cybersecurityMicrosoft officeremote code executionvulnerability

You also might be interested in

Business Email Compromise

Business Email Compromise

Mar 8, 2022

According to Earthweb.com, 333.2 BILLION emails are sent per day[...]

weak password

The Risks of Password Reuse for Businesses

Aug 11, 2021

According to the 2021 Verizon Data Breach Investigations Report (DBIR), 61% of the breaches studied involved compromised credentials.

Qakbot infections have seen a dramatic increase, with some security vendors seeing a four-fold increase in infections in Q3\Q4 of 2022. However, Qakbot is not new. Also known as QBot or Pinkslipbot, it was first seen in 2007, and has evolved over the last 15 years.

Qakbot: A new increase from an old threat

Nov 23, 2022

In the last few months, Qakbot infections have seen a[...]

COMPANY

Contact Us
Privacy Policy
Manage Cookies

RESOURCES

White Papers

SIGN UP FOR OUR NEWSLETTER

loader

By clicking Submit, I agree to the use of my personal data in accordance with the Ramsey Consulting Services Privacy Policy. Ramsey Consulting Services will not sell, trade, lease, or rent your personal data to third parties.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

©2024 Ramsey Consulting Services, All rights reserved.

Prev Next
This site uses cookies or similar technologies, as explained in our Privacy Policy. By continuing to browse or by clicking 'Accept', you consent to the use of these technologies. You can change which cookies are set at any time by clicking 'Cookie preferences', or the Manage Cookies link at the bottom of any page.
Cookie preferencesACCEPT AND CLOSE
Manage Cookies

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Analytic Cookies
Analytic cookies help us understand how our visitors interact with the website. It helps us understand the number of visitors, where the visitors are coming from, and the pages they navigate. The cookies collect this data and are reported anonymously.
SAVE & ACCEPT