Common Vulnerabilities and Exposures May 2022 – Follina Zero Day Vulnerability

A new zero-day vulnerability affecting Microsoft Office applications, dubbed “Follina”, has been discovered in the past few days. It functions as a “zero click” remote code execution vulnerability, where the exploit can be executed without actually needing to open the file.

Follina works by exploiting the Microsoft Diagnostic Tool (msdt), which runs even when macros have been disabled. The process starts with a rel link within a Microsoft Office document, which calls out and downloads a malicious HTML script. This HTML script then invokes the msdt component and runs the exploit. Evidence of this vulnerability being actively exploited can be traced back at least 1 month, to a sample that was uploaded to a malware sandbox. It is important to note that the vulnerability can also be triggered through the preview pane by rich text format files (.rtf extension).

Brace168 have pushed new detection rules in order to identify any potential executions or exploitation of the “Follina” zero-day vulnerability within client environments. The Brace168 threat hunt team is also conducting active retrospective hunts to identify any activity that may have already occurred.
