Follina Vulnerability – Microsoft Office Zero Day Threat

A zero-day vulnerability in Microsoft Office was discovered and reported over the weekend. It allows remote code execution simply through the opening of a Word document, even in preview. Microsoft has issued CVE-2022-30190 in response to this flaw, though the bug is generally referred to as the Follina vulnerability. When the malicious Word document is opened, even in preview, the file executes malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT). This code works without elevated privileges and is currently evading Microsoft Defender detection.

The following are several blog posts and updates concerning this vulnerability, its functionality, and workarounds in the absence of a patch:

https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
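Because the behaviour described above has an Office application starting MSDT, process-creation logs are one place to look while no patch exists. The following is an added example, not code from this post or the linked articles: it flags `msdt.exe` launched by an Office process. The Office process list and the Sysmon-style JSON field names are assumptions, and the events are constructed.

```python
import json
import ntpath

# Assumption: Office host processes to watch; the post itself only names Word.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events, one JSON object per line, using
# Sysmon Event ID 1 field names. The last line is deliberately truncated.
SAMPLE_EVENTS = r'''
{"UtcTime": "2022-05-31 09:14:02", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "msdt.exe <constructed arguments>"}
{"UtcTime": "2022-05-31 09:20:41", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "msdt.exe <constructed arguments>"}
{"UtcTime": "2022-05-31 09:31:10", "Image": "C:\\Windows\\splwow64.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "splwow64.exe 12288"}
{"UtcTime": "2022-05-31 10:02:55", "Image": "\"c:\\windows\\system32\\MSDT.EXE\"", "ParentImage": "c:\\program files\\microsoft office\\root\\office16\\outlook.exe", "CommandLine": "msdt.exe <constructed arguments>"}
{"UtcTime": "2022-05-31 10:05:00", "Image": "C:\\Windows\\Sys
'''


def exe_name(path):
    """Lower-cased file name of a Windows path, tolerating quotes and None."""
    return ntpath.basename(str(path or "").strip().strip('"')).lower()


def find_office_msdt(lines):
    """Return (findings, skipped): msdt.exe started by an Office process,
    and the number of lines that could not be parsed as an event."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count unparsed lines so gaps in coverage are visible
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        parent = exe_name(event.get("ParentImage"))
        if exe_name(event.get("Image")) == "msdt.exe" and parent in OFFICE_PARENTS:
            findings.append({"time": event.get("UtcTime"), "parent": parent,
                             "command_line": event.get("CommandLine")})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_office_msdt(SAMPLE_EVENTS.splitlines())
    for hit in hits:
        print(hit["time"], hit["parent"], "->", "msdt.exe", "|", hit["command_line"])
    print("unparsed lines:", bad)
```

The check only covers Office parents; a hit is a lead for triage, and the reported command line is what an analyst would review next.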

Active Shooter Updates

Given the tragedies of the last few weeks, I thought it would be an appropriate time to reshare some of the active shooter content from this site over the last few years. Now more than ever, it is an important time to be prepared and trained for these types of incidents.

Microsoft Identifies new Sysrv-K Botnet Variant

Given the recent tanking of bitcoin value in the open market, you might think that the criminal exploitation of private computers for coin mining might start to slow, but I guess the cyber bad guys in the world need to compensate for their value losses and mine new coins.

This article from the great team over at InfoSecurity is a great overview. Enjoy and beware!

https://www.infosecurity-magazine.com/news/microsoft-botnet-variant-windows/