- On 27 May 2022, a Remote Code Execution vulnerability (Follina) was identified in the Microsoft Windows Support Diagnostic Tool (MSDT).
- The vulnerability is being actively exploited by cybercriminals.
- A security patch was made available on May 30th.
- An attacker could exploit the vulnerability by sending emails with a malicious attachment (Office, RTF, XML or HTML documents).
Risks and Solutions
- The Follina vulnerability could be exploited, as early as the next few weeks, by many criminal groups and malware operators to compromise Italian company systems.
- These groups often use Office documents as a tool for system compromise.
- In this way, criminals could bypass defensive technological solutions.
- A probable increase in abuse of the MSDT tool for malware and phishing attacks.
How to protect and how to react
The identification of this type of compromise can occur at different levels:
- from email protection systems: antispam and antimalware
- from antivirus and EDR solutions
- from log monitoring and SIEM solutions
Fortgale recommends performing proactive threat hunting activities to identify this type of compromise, which may go undetected by the systems mentioned above.
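The threat hunting recommended above can be started from process-creation telemetry: msdt.exe being launched by an Office application, or any msdt.exe launch whose command line invokes the ms-msdt: protocol handler, is the behaviour a hunter would look for. The script below is an added example and not Fortgale's tooling; it assumes the events have been exported as JSON lines with the fields host, parent_image, image and command_line (an assumed normalisation of Sysmon Event ID 1 or EDR data), and the sample events embedded in it are constructed for the demonstration.

```python
"""Hunt for Office-spawned or protocol-handler-driven msdt.exe launches.

Added example, not part of the original advisory. Assumed input shape:
one JSON object per line with the keys host, parent_image, image and
command_line (how the SIEM or EDR export is normalised is an assumption).
"""
import json
from typing import Iterable

# Office applications that should not normally be the parent of msdt.exe
# (assumed list; extend it to match the Office components deployed locally).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample telemetry: a benign launch from Explorer, a suspicious
# launch from Word, and an Office child process that is not msdt.exe at all.
SAMPLE_EVENTS = [
    r'{"host": "ws01", "parent_image": "C:\\Windows\\explorer.exe", '
    r'"image": "C:\\Windows\\System32\\msdt.exe", '
    r'"command_line": "msdt.exe -id PCWDiagnostic"}',
    r'{"host": "ws02", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", '
    r'"image": "C:\\Windows\\System32\\msdt.exe", '
    r'"command_line": "msdt.exe ms-msdt:/id PCWDiagnostic"}',
    r'{"host": "ws03", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", '
    r'"image": "C:\\Windows\\splwow64.exe", '
    r'"command_line": "splwow64.exe"}',
]


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious(event: dict) -> bool:
    """True when msdt.exe is launched by an Office parent or via ms-msdt:."""
    image = basename(event.get("image", ""))
    if image != "msdt.exe":
        return False
    parent = basename(event.get("parent_image", ""))
    command_line = event.get("command_line", "").lower()
    # Either signal alone is worth an analyst's attention; the protocol
    # handler check also catches launches from non-Office document viewers.
    return parent in OFFICE_PARENTS or "ms-msdt:" in command_line


def hunt(lines: Iterable[str]) -> list:
    """Parse JSON-lines telemetry and return the events worth triaging."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Malformed export lines are skipped rather than aborting the hunt.
            continue
        if is_suspicious(event):
            hits.append({
                "host": event.get("host"),
                "parent": basename(event.get("parent_image", "")),
                "command_line": event.get("command_line", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Run against a real export, the same hunt() call takes the opened file object as its argument; the benign Explorer launch in the sample is deliberately left out of the results so that ordinary troubleshooting use of MSDT does not flood the triage queue.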