If you are an active Microsoft Office user, watch out for this vulnerability. Researchers found a zero-day, nicknamed "Follina" (CVE-2022-30190), in the Microsoft Support Diagnostic Tool (MSDT) that attackers can reach through ordinary Office documents. It lets them run arbitrary code with the privileges of the user who opened the document, with no macro prompt or other warning in the way. All Windows versions that still receive security updates are affected: Windows 7 and later, and Windows Server 2008 and later.
Attackers spread Follina through phishing email blasts carrying booby-trapped Office files, most commonly Word documents. As soon as the user opens the file, or even previews it in Windows Explorer, the document fetches an external HTML file whose script invokes the ms-msdt: URL protocol. That protocol launches MSDT, a Windows utility for troubleshooting and collecting diagnostic data for support staff, and MSDT executes a PowerShell command smuggled in the URL's parameters. From there the attacker can install programs and view, change, delete, or exfiltrate data.
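The process chain just described, an Office application (or Explorer's preview pane) launching msdt.exe with an ms-msdt: command line, is what defenders hunted for during the Follina wave. The script below is an added example and is not from the original article or from Microsoft: it reads Sysmon process-creation events (Event ID 1) and reports any msdt.exe started by an Office parent, or any msdt.exe command line carrying the ms-msdt: protocol with the IT_BrowseForFile parameter the public exploit used. It assumes Sysmon is installed with process-creation logging enabled on the host; the list of parent process names is an assumption you may widen.

```powershell
# Added example, not code from the original article. Hunts Sysmon Event ID 1
# for the Follina chain: msdt.exe spawned by Office (or Explorer preview).
# Assumes Sysmon is installed and logging process creation.
$officeParents = 'winword.exe', 'excel.exe', 'outlook.exe', 'powerpnt.exe',
                 'explorer.exe'   # explorer.exe covers the preview-pane trigger; noisier

function Get-SysmonField {
    # Pull a named <Data Name="..."> value out of a Sysmon event's XML
    param([xml]$EventXml, [string]$Name)
    ($EventXml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Find-FollinaProcessChain {
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1
    } -ErrorAction SilentlyContinue

    foreach ($ev in $events) {
        $x          = [xml]$ev.ToXml()
        $image      = Get-SysmonField $x 'Image'
        $parent     = Get-SysmonField $x 'ParentImage'
        $cmd        = Get-SysmonField $x 'CommandLine'
        $child      = [IO.Path]::GetFileName($image).ToLower()
        $parentName = [IO.Path]::GetFileName($parent).ToLower()

        if ($child -ne 'msdt.exe') { continue }

        $suspiciousParent = $officeParents -contains $parentName
        # Signature of the public Follina payload: ms-msdt: URL with a
        # PowerShell expression injected through IT_BrowseForFile.
        $suspiciousCmd = ($cmd -match 'ms-msdt:') -and ($cmd -match 'IT_BrowseForFile')

        if ($suspiciousParent -or $suspiciousCmd) {
            [pscustomobject]@{
                Time        = $ev.TimeCreated
                Parent      = $parent
                CommandLine = $cmd
                Reason      = if ($suspiciousParent) { 'office-parent' } else { 'ms-msdt-cmdline' }
            }
        }
    }
}

Find-FollinaProcessChain | Format-List
```

Run it from an elevated PowerShell session on the endpoint, or point `Get-WinEvent` at a forwarded-event log on your collector. A legitimate msdt.exe launch comes from a user clicking a troubleshooter, so its parent is typically explorer.exe or control.exe and its command line contains no PowerShell; anything matching the second condition warrants immediate isolation of the host.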
Through Follina, hackers can take control of the victim's system and harvest personal information. Browser extension data is an easy target: if you use a browser-based hot wallet such as MetaMask for transactions or asset transfers, an attacker running code as your user can copy the keys stored in the browser profile and steal your cryptocurrency or digital assets.
Microsoft has since released official Windows updates that fix this vulnerability and urges users to install them immediately. Until the update is applied, Microsoft's documented workaround is to disable the ms-msdt URL protocol handler, which cuts the link between a malicious document and MSDT.
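The workaround Microsoft published while the patch was pending was to back up and then delete the ms-msdt protocol-handler registry key. The script below is an added example, not code from the original article or from Microsoft: it applies that workaround, verifies it, and keeps the backup so the handler can be restored once the June 2022 (or later) cumulative update is installed. The backup path under $env:TEMP is an assumption; run it from an elevated PowerShell session.

```powershell
# Added example, not from the original article. Applies Microsoft's documented
# interim workaround for CVE-2022-30190: remove the ms-msdt: URL protocol handler.
# Must run elevated. Backup location is an assumption; pick somewhere durable.
$keyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$psKeyPath  = "Registry::$keyPath"
$backupFile = Join-Path $env:TEMP 'ms-msdt-backup.reg'

function Test-MsdtHandlerPresent {
    # True while documents can still reach MSDT through ms-msdt: URLs
    Test-Path $psKeyPath
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Host "ms-msdt handler already absent; nothing to do."
        return
    }
    # Export first so the change is reversible after patching
    reg.exe export $keyPath $backupFile /y | Out-Null
    if (-not (Test-Path $backupFile)) {
        throw "Backup to $backupFile failed; refusing to delete the key."
    }
    reg.exe delete $keyPath /f | Out-Null
}

function Restore-MsdtHandler {
    # Call this only after the security update is installed
    if (Test-Path $backupFile) { reg.exe import $backupFile | Out-Null }
}

Disable-MsdtHandler
if (Test-MsdtHandlerPresent) {
    Write-Warning "ms-msdt handler is still registered; check that the session is elevated."
} else {
    Write-Host "ms-msdt handler removed. Backup saved at $backupFile"
}
```

Deleting the key only blocks the ms-msdt: entry point; it does not remove MSDT itself, and troubleshooters launched from Settings keep working. Re-import the backup with `Restore-MsdtHandler` after patching so support staff regain the link-based launch.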
The tricky part of Follina is that the user is compromised the moment the file is opened or previewed; there is no macro prompt to decline. Installing the security update is therefore the first line of defence. Keep your anti-virus software up to date as well: if you do open a phishing attachment, it may still block the PowerShell payload that MSDT tries to run.
In addition, install security updates promptly rather than waiting, so that exposure to zero-day vulnerabilities stays short. Enterprises should also run regular phishing awareness training so employees can recognise and report phishing attempts instead of falling for them.