
Cytidel Intel Insights - CVE-2022-30190

Updated: Apr 6, 2023

In the ever-expanding landscape of IT Security and vulnerability management, there is always a new threat to be on the lookout for. This week’s Cytidel Intelligence Insight is about CVE-2022-30190, dubbed “Follina”, the Microsoft Support Diagnostic Tool zero-day that allows Remote Code Execution by simply opening the wrong Word or Excel file.




What Is It?

On 27th May 2022, a Japanese cyber security research team, Nao_Sec, observed a recently discovered exploit of Microsoft’s Support Diagnostic Tool, which allowed PowerShell code to be executed in Microsoft Office documents. This exploit was a zero-day vulnerability in one of the most widely used products in the world, Microsoft Office.

Why Should I Care?

Remote Code Execution can be one of the most devastating outcomes from malicious threat actors. An RCE vulnerability essentially means that a threat actor can run their malicious code on your devices without your knowledge, potentially leading to ransomware, identity hijacking or data exfiltration. In short, a vulnerability like this is one of the most likely to lead to a breach.

What Can I Do?

Thankfully, the fix for CVE-2022-30190 was released in Microsoft’s June 2022 Security Updates on 14th June 2022 (https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun). To ensure you and your organization are not at risk from this vulnerability, upgrade your Microsoft Office and Office 365 applications to the latest version as soon as possible.
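Alongside patching, defenders can hunt for Word or Excel starting the Support Diagnostic Tool (`msdt.exe`) in process-creation telemetry. The Python below is an added example, not code from Cytidel or Microsoft; it assumes events carrying `Image`, `ParentImage` and `CommandLine` fields, and the sample records are constructed.

```python
# Added example: flag process-creation events where an Office application
# is the parent of the Microsoft Support Diagnostic Tool (msdt.exe).
import ntpath

# Office applications named in the article (Word, Excel), by binary name.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
MSDT_IMAGE = "msdt.exe"

# Constructed sample events (not real telemetry). The field names are an
# assumption modelled on common process-creation logging.
SAMPLE_EVENTS = [
    {"Host": "wks-01", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "msdt.exe <arguments omitted>"},
    {"Host": "wks-02", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "msdt.exe <arguments omitted>"},
    {"Host": "wks-03", "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "splwow64.exe <arguments omitted>"},
    {"Host": "wks-04", "Image": r'"C:\Windows\System32\MSDT.EXE"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\excel.exe",
     "CommandLine": "MSDT.EXE <arguments omitted>"},
]


def image_name(path):
    """Return the lower-cased file name of a Windows path, tolerating quotes."""
    cleaned = (path or "").strip().strip('"')
    return ntpath.basename(cleaned).lower()


def find_office_msdt(events):
    """Return the events in which Word or Excel launched msdt.exe."""
    hits = []
    for event in events:
        child = image_name(event.get("Image"))
        parent = image_name(event.get("ParentImage"))
        if child == MSDT_IMAGE and parent in OFFICE_PARENTS:
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in find_office_msdt(SAMPLE_EVENTS):
        print(f"{hit['Host']}: {image_name(hit['ParentImage'])} -> {image_name(hit['Image'])}")
```

A match is a lead for triage on that host, to be read together with its patch status.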

If you’re interested in receiving regular intelligence updates tailored to your organization, please reach out to us at hello@cytidel.com or send one of our Founders a message on LinkedIn (Matt / Conor).
