What is the Follina Vulnerability?
When Microsoft Support Diagnostic Tool (MSDT) is called using the URL protocol from a calling program like Word, a remote code execution vulnerability occurs. An attacker who successfully exploits this flaw can execute arbitrary code with the calling application’s privileges. In the context allowed by the user’s permissions, the attacker can then install applications, read, alter, or remove data, and create new accounts.
Follina gets Fixed
A patch for the high-severity flaw, known as CVE-2022-30190, was issued as part of Microsoft’s monthly security patching schedule, known as Patch Tuesday. The update isn’t on the list of patches included in the version, according to cybersecurity firm Sophos, though it has confirmed Follina is now mitigated.
Microsoft has issued a software update to address a global remote code execution vulnerability affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows 7, 10, 11, and Windows Server — in other words, all Microsoft Windows devices. If exploited, this global vulnerability, known as “Follina,” enables hackers to remotely execute arbitrary code, effectively enabling a full takeover of the affected device — allowing them to view, delete, install programs, and create new accounts on compromised systems. Microsoft has recommended that all customers update their systems to protect their devices from this vulnerability.
It is important to note that a publicly available proof-of-concept exploit exists and attacks in the wild have been reported. For additional details, please see Microsoft’s security advisory.
Expert Advice from The Magnes Group
At the Magnes Group, we do things differently. With effort and care, we deliver the very best personalized insurance coverage and risk management advice. We serve businesses and individuals who appreciate quality, precision, and value in a way that many other insurance brokerages can’t or won’t.
As an independent insurance broker, we pride ourselves on providing straightforward, uncomplicated, and honest advice. We treat others as we would like to be treated ourselves. Not to increase market share but because it’s the right thing to do. You can rely on expert advice from the Magnes Group.
With thanks to Chubb