Exploitation of Microsoft Office vulnerability: Follina
Alert Severity: Critical
Issue Date: 2022-05-30
Updated On: 2022-06-14
CVE(s): CVE-2022-30190
What has happened?
A patch for this vulnerability has been released as part of Microsoft’s June 2022 cumulative Windows Patch Tuesday. Affected systems should install the patch immediately. On 31 May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability, dubbed Follina, can be exploited by an attacker calling MSDT using the URL protocol from a calling application such as Word. Successful exploitation allows an attacker to install programs, view or change data, or create new accounts in line with the victim’s user permissions.
Which products are impacted?
- Windows 10 (32-bit and x64)
- Windows 11
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
How do I keep my environment safe from this vulnerability?
Microsoft has published a list of all affected products in its security update guide for the Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. Users of any affected product should ensure all relevant patches are installed as soon as possible.
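While patching is rolled out, defenders can hunt for the behaviour described above, MSDT being started by a calling application such as Word. The following is an added example, not part of the original advisory: the event field names, the sample events and the Office parents other than Word are assumptions made for illustration.

```python
import json
import ntpath

# Assumption: the advisory names only Word as a calling application; the other
# Office binaries are added here for broader coverage.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"

# Constructed process-creation events, one JSON object per line. Field names
# are hypothetical; map them to whatever your EDR or Sysmon export uses.
SAMPLE_EVENTS = r"""
{"host": "WS-01", "pid": 4120, "image": "C:\\Windows\\System32\\msdt.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"host": "WS-02", "pid": 5012, "image": "C:\\Windows\\System32\\msdt.exe", "parent_image": "C:\\Windows\\explorer.exe"}
{"host": "WS-03", "pid": 2210, "image": "C:\\Windows\\System32\\notepad.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"host": "WS-04", "pid": 988, "image": "c:\\windows\\system32\\MSDT.EXE", "parent_image": "c:\\program files\\microsoft office\\root\\office16\\excel.exe"}
not-json garbage
"""


def exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(str(path or "")).lower()


def is_suspicious(event):
    """True when msdt.exe was started directly by an Office application."""
    return (exe_name(event.get("image")) == MSDT_IMAGE
            and exe_name(event.get("parent_image")) in OFFICE_PARENTS)


def scan(text):
    """Return ([(host, pid), ...] for flagged events, count of unparsable lines)."""
    hits, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep going; one bad line must not hide later hits
            continue
        if isinstance(event, dict) and is_suspicious(event):
            hits.append((event.get("host"), event.get("pid")))
    return hits, skipped


if __name__ == "__main__":
    flagged, bad = scan(SAMPLE_EVENTS)
    for host, pid in flagged:
        print(f"ALERT: Office application spawned msdt.exe on {host} (pid {pid})")
    print(f"{bad} line(s) could not be parsed")
```

MSDT launched from the shell (the WS-02 event) is left alone because a user can start the troubleshooter legitimately; only the Office parent/child pairing is flagged.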