• On 27th of May, 2022, a Remote Code Execution vulnerability (Follina) was identified in the Microsoft Windows Support Diagnostic Tool (MSDT).
  • The vulnerability is actively exploited by cybercriminals
  • A security patch was made available on May 30th
  • An attacker could exploit the vulnerability by sending emails with a malicious attachment (Office, RTF, XML and HTML documents)
Follina vulnerability

Risks and Solutions

  • Within the next few weeks, the Follina vulnerability could be exploited by many criminal groups and malware operators to compromise the systems of Italian companies
  • These groups often use Office documents as a means of compromising systems
  • In this way, criminals could bypass defensive technology solutions
  • A probable increase in abuse of the MSDT tool for malware and phishing attacks

How to protect and how to react

The identification of this type of compromise can occur on different levels:

  • email protection systems: AntiSpam and AntiMalware
  • Antivirus and EDR solutions
  • log monitoring and SIEM solutions

Fortgale recommends performing proactive threat hunting activities to identify this type of compromise potentially undetected by the systems mentioned above.
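
A minimal hunting pass over process-creation logs for the MSDT abuse described above, given as an added example (not Fortgale's code). It assumes Sysmon Event ID 1-style fields (`Image`, `ParentImage`, `CommandLine`); the Office parent list, the command-line markers and the sample events are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: Office parents worth flagging; extend for your own estate.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Command-line markers publicly associated with MSDT abuse via the ms-msdt: URL scheme.
CMD_MARKERS = ("ms-msdt:", "it_browseforfile")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "msdt.exe ms-msdt:/id PCWDiagnostic /param IT_BrowseForFile=<placeholder>"},
    {"Computer": "WS-02", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "msdt.exe -id NetworkDiagnosticsWeb"},
    {"Computer": "WS-03", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "notepad.exe report.txt"},
    {"Computer": "WS-04", "Image": r"C:\Windows\SysWOW64\msdt.exe",
     "ParentImage": r"C:\Program Files\ExampleApp\viewer.exe",  # hypothetical parent
     "CommandLine": "msdt.exe ms-msdt:/id PCWDiagnostic"},
]

def basename(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return PureWindowsPath(path or "").name.lower()

def score_event(ev):
    """Return the reasons an msdt.exe launch deserves analyst review (empty = none)."""
    if basename(ev.get("Image")) != "msdt.exe":
        return []
    reasons = []
    parent = basename(ev.get("ParentImage"))
    if parent in OFFICE_PARENTS:
        reasons.append(f"office-parent:{parent}")
    cmd = (ev.get("CommandLine") or "").lower()
    reasons += [f"cmdline:{m}" for m in CMD_MARKERS if m in cmd]
    return reasons

def hunt(events):
    """Return (host, reasons) for every event with at least one reason."""
    scored = ((ev.get("Computer", "?"), score_event(ev)) for ev in events)
    return [(host, reasons) for host, reasons in scored if reasons]

if __name__ == "__main__":
    for host, reasons in hunt(SAMPLE_EVENTS):
        print(host, ", ".join(reasons))
```

The legitimate troubleshooter launch on WS-02 produces no hit, while WS-04 shows why the command-line check matters when the parent is not an Office application.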

Choose the solution that best fits your company

https://fortgale.com/mdr/
