08 Jun / 2022
Cyber Security
What Is Vulnerable?
Windows Office 2013 and later, including the latest patches for Office 2021
What’s Happening?
Microsoft Office is the latest victim to a remote code execution vulnerability which was publicly disclosed by Microsoft on the 31st of May. Nicknamed Follina, this vulnerability is actively being used against Australian organisations by threat actors, according to the ACSC.
How It Works
This vulnerability harnesses Microsoft Support Diagnostic Tool (MSDT) and a malicious URL baked into a word document. When the URL is clicked HTML will download from a webserver and execute arbitrary PowerShell code using the ms-msdt protocol. There are 3 key factors that cause Follina to be troubling to security researchers.
As of the 1st of June, there are no official patches available for vulnerable versions of Office products. There is however a simple fix to remediate against this in the interim. The MSDT URI can be disabled via a registry edit in CMD or Group Policy.
Cythera continues to monitor all managed clients and detection capabilities we have in place will likely detect any post-exploitation activities related to this vulnerability.
Unlocking Growth Through Security: Operationalising MDR for Australian Organisations
Australian small and medium-sized enterprises (SMEs) are at a critical juncture regarding cybersecurity. Recent data shows that 60% of Australia…
Read MoreCommon issues with the ACSC 37 Strategies
Common issues with the ACSC 37 Strategies to Mitigate Cyber Security Incidents The ACSC publication, Strategies To Mitigate Cyber Security Inci…
Read MoreOpenSSL v3.0.x Buffer Overrun Vulnerability
CVE-2022-3602 – OpenSSL v3.0.x Buffer Overrun VulnerabilityCVE: CVE-2022-3602 and CVE-2022-3786What Is Vulnerable?: OpenSSL versions 3.0.0 or …
Read More