Microsoft guidance for Office zero-day vulnerability – Follina

I have written about this Microsoft Word vulnerability earlier this week:

New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions

There is still no patch – but Microsoft has issued some mitigation guidance:

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center

The vulnerability is already being exploited by a number of state-backed threat actors, according to reports.

Further Reading

Microsoft releases guidance for Office zero-day used to target orgs in Russia, India, Tibet – The Record by Recorded Future

Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability | CISA

CVE-2022-30190 – Security Update Guide – Microsoft – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability