This post was originally made on 9 June 2022
Update 15 June 2022
Microsoft has included updates in its Patch Tuesday bundle to address this issue:
Microsoft Patch Tuesday – Follina zero-day fixed – Smart Thinking Solutions
Get the updates done as soon as possible.
Let’s hope this is really fixed and not a Microsoft “almost patched” fix!
Update 13 June 2022
An unpatched flaw in Microsoft Windows (msdt.exe) and Microsoft Word was always going to be a major cyber security threat. This article from Didier Stevens at SANS Internet Storm shows you the mechanics, with useful screenshots, of how the malicious code can execute from a Word RTF file when previewed using File Explorer:
Quickie: Follina, RTF & Explorer Preview Pane – SANS Internet Storm Centre
And for reference:
Analysis Of An “ms-msdt” RTF Maldoc – SANS Internet Storm Centre
Original post – includes Microsoft advice
It was obvious: the number of daily users of Microsoft Word must be in the hundreds of millions, and you will probably struggle to find a business or organisation that does not use Microsoft Word (I am sure even Apple uses it – as people must send them Word documents).
So the threat actors are ramping up their attacks, whilst Microsoft works on the fix.
Windows Follina zero-day exploited to infect PCs with Qbot • The Register
Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer – Symantec Enterprise Blogs
What’s Follina? A Microsoft Word macro exploitation that runs even if Macros are disabled!
Microsoft guidance for Office zero-day vulnerability – Follina – Smart Thinking Solutions
Active exploit for Follina – the still unpatched flaw in Microsoft Word – Smart Thinking Solutions
Do you and your team need training in how to deal with these daily threats? We have two options:
Cyber Awake | Train Your Team To Protect Against Cyber Attacks
and