More on Follina exploits including advice on how to protect your organisation – now executing in File Explorer preview pane… UPDATE 15 June 2022

This post was originally made on 9 June 2022

Update 15 June 2022

Microsoft has included updates in its Patch Tuesday bundle to address this issue:

Microsoft Patch Tuesday – Follina zero-day fixed – Smart Thinking Solutions

Get the updates done as soon as possible.

Let’s hope this really is a fix and not a Microsoft “almost patched” fix!

Update 13 June 2022

An unpatched flaw in Microsoft Windows (msdt.exe) and Microsoft Word was always going to be a major cyber security threat. This article from Didier Stevens at SANS Internet Storm shows you the mechanics, with useful screenshots, of how the malicious code can execute from a Word RTF file when previewed using File Explorer:

Quickie: Follina, RTF & Explorer Preview Pane – SANS Internet Storm Centre

And for reference:

Analysis Of An “ms-msdt” RTF Maldoc – SANS Internet Storm Centre

Original post – includes Microsoft advice

It was obvious: the daily users of Microsoft Word must number in the hundreds of millions, and you will probably struggle to find a business or organisation that does not use Microsoft Word (I am sure even Apple uses it – as people must send them Word documents).

So the threat actors are ramping up their attacks, whilst Microsoft works on the fix.

Windows Follina zero-day exploited to infect PCs with Qbot • The Register

Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer – Symantec Enterprise Blogs

What’s Follina? A Microsoft Word macro exploitation that runs even if Macros are disabled!

Microsoft guidance for Office zero-day vulnerability – Follina – Smart Thinking Solutions

Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina – Smart Thinking Solutions

Active exploit for Follina – the still unpatched flaw in Microsoft Word – Smart Thinking Solutions

Do you and your team need training in how to deal with these daily threats? We have two options:

Cyber Awake | Train Your Team To Protect Against Cyber Attacks

and
