Follina 0day for Windows: exploit is already out, what to do

Some European governments have been the target of a phishing campaign that uses malicious Rich Text Format (RTF) documents. These documents were designed to exploit a critical zero-day Windows vulnerability known as Follina.


"Proofpoint blocked a suspicious phishing campaign that was trying to take advantage of Follina / CVE-2022-30190", security researchers at Proofpoint revealed.
The attackers used promises of salary increases to get employees to open documents containing a malicious PowerShell script.

With the PowerShell script of this attack, attackers are able to gather large amounts of information:

Browser passwords: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, Vivaldi, CentBrowser, Comodo, CheDot, Orbitum, Chromium, Slimjet, Xvast, Kinza, Iridium, CocCoc and AVAST Browser.

Data from other applications: Netsarang session files, Windows Live Mail contacts and passwords, ToDesk configuration file, WeChat, Oray SunLogin RemoteClient, MailMaster, ServU, Putty, FTP123, WinSCP, RAdmin, Microsoft Office, Navicat.

Information from Windows: computer information, user name list, Windows domain information.

Proofpoint suspects that this campaign is being run by a government.

The security hole used in these attacks is tracked as CVE-2022-30190, and Redmond describes it as a remote code execution bug in the Microsoft Windows Support Diagnostic Tool (MSDT).

CVE-2022-30190 is still unpatched and affects all versions of Windows that still receive security updates (i.e. Windows 7 and later, and Windows Server).

While Microsoft has not yet released updates that fix CVE-2022-30190, CISA urges administrators and Windows users to disable the MSDT URL protocol used in these attacks, since an exploit is already circulating on the internet.
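Disabling the MSDT protocol, as CISA advises above, means unregistering the ms-msdt: URL handler that Office hands the malicious document's link to. The PowerShell below is an added example (not code from the original post, Proofpoint or CISA): it exports the handler key to a backup file before deleting it and provides a restore function for when the official fix is installed; the backup path is an assumption, and the script must run from an elevated prompt.

```powershell
# Added example: remove the ms-msdt URL protocol handler (workaround for CVE-2022-30190).
# Run from an elevated PowerShell prompt. The backup location is an assumed value.
$BackupFile = 'C:\msdt-handler-backup.reg'              # assumption; change as needed
$HandlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'      # the handler Office invokes

function Test-MsdtHandler {
    # Returns $true while the ms-msdt: protocol is still registered on this host.
    Test-Path -Path $HandlerKey
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandler)) {
        Write-Output 'ms-msdt handler not present; nothing to do.'
        return
    }
    # Export first so the change can be reverted once Microsoft ships a patch.
    reg.exe export HKEY_CLASSES_ROOT\ms-msdt $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; refusing to delete the key.' }
    Remove-Item -Path $HandlerKey -Recurse -Force
    Write-Output "ms-msdt handler removed; backup saved to $BackupFile"
}

function Restore-MsdtHandler {
    # Re-import the saved key after the official security update is installed.
    if (-not (Test-Path -Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Restore failed.' }
    Write-Output 'ms-msdt handler restored.'
}

Disable-MsdtHandler
# Audit step: should report False once the workaround is in place.
Write-Output ('Handler present after mitigation: {0}' -f (Test-MsdtHandler))
```

Test-MsdtHandler alone is enough for a fleet-wide compliance check, since it reports whether the workaround is still in effect on a given machine.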

Until Microsoft releases official security updates, you can patch your systems with the unofficial micropatches released by 0patch (registration required and not recommended).


Written by giorgos

George still wonders what he's doing here ...
