Source |
CSO |
Identifiant |
4908429 |
Date de publication |
2022-05-31 12:29:00 (vue: 2022-05-31 20:05:12) |
Titre |
Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps |
Texte |
Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released.An exploit for the vulnerability, now tracked as CVE-2022-30190, was found in the wild by an independent security research team dubbed nao_sec, which spotted a malicious Word document uploaded to VirusTotal from an IP in Belarus. However, more malicious samples dating from April have also been found, suggesting the vulnerability has been exploited for over a month.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
2022 30190 actively advice also apps april are article attackers attacks been belarus block called can click code component cve dating diagnostic document documents dubbed execution exploit exploitable exploited exploiting follina found from full gives has have here however independent malicious microsoft mitigation month more msdt nao now office over patch permanent please rce read released remote research responded samples sec security spotted suggesting support team through tool tracked unpatched until uploaded used virustotal vulnerability weaponized which wild windows word |
Tags |
Tool
Vulnerability
|
Stories |
|
Notes |
|
Move |
|