March 27, 2023

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps

Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released.

An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month.

To read this article in full, please click here