BSI: Follina vulnerability with increased warning level


Weeks ago, the new Follina zero-day bug, which allows remote code execution via Microsoft Office, caused a stir. More specifically, it is a security vulnerability in Microsoft's Support Diagnostic Tool (MSDT). The BSI has now declared the orange warning level (the maximum is red) for Follina. The CVSS (Common Vulnerability Scoring System) score is now rated "High" at 7.8 out of 10.

Microsoft already published details and mitigation measures for a vulnerability in Microsoft's Support Diagnostic Tool (MSDT) via the Microsoft Security Response Center on May 30, 2022. The vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2022-30190. According to the Common Vulnerability Scoring System (CVSS), the severity of the vulnerability is classified as 7.8 (CVSSv3.1).

Warning level increases from “Yellow” to “Orange”

The vulnerability can be exploited using a specially crafted Word file, which may enable attackers to initiate the download of an HTML file from the Internet via the remote template function built into the word processor. This can be misused to go on to execute PowerShell code, allowing attackers to install programs and to view, modify, or delete data. The findings of the security researchers from nao_sec, who discovered a crafted Word file that had been uploaded to VirusTotal, now underline that the vulnerability is being actively exploited.
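For triage of suspicious attachments, the remote reference described above can be looked for directly in the file. The following is an added example, not code from the BSI, Microsoft or the original article: it assumes the standard OOXML layout, in which a .docx is a ZIP package whose `.rels` parts mark remotely resolved targets with `TargetMode="External"`. All function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # skip .rels parts declaring more than 1 MB (zip-bomb guard)

def external_relationships(docx_bytes):
    """List (part, type, target) for each relationship marked External."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized", ""))
                continue
            try:
                root = ET.fromstring(pkg.read(info))
            except ET.ParseError:
                # a malformed relationship part is itself worth a look
                findings.append((info.filename, "unparseable", ""))
                continue
            for rel in root.iter("{%s}Relationship" % PKG_NS):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((info.filename, kind, rel.get("Target", "")))
    return findings

def needs_review(findings):
    """Hyperlinks are routine; other remote targets or bad parts are not."""
    return [f for f in findings if f[1] != "hyperlink"]

def make_sample():
    """Constructed, harmless .docx-like package for demonstration."""
    rel = '<Relationship Id="%s" Type="' + DOC_REL + '%s" Target="%s"%s/>'
    ext = ' TargetMode="External"'
    rels = ('<Relationships xmlns="%s">' % PKG_NS
            + rel % ("rId1", "styles", "styles.xml", "")
            + rel % ("rId2", "hyperlink", "https://example.com/", ext)
            + rel % ("rId3", "attachedTemplate", "https://example.invalid/t.html", ext)
            + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(needs_review(external_relationships(make_sample())))
```

A hit is a reason for an analyst to inspect the document, not proof of exploitation, since legitimate documents also use remote templates. For untrusted files in production, a hardened XML parser such as defusedxml is preferable to the standard-library parser used here.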

What can you do?

Microsoft has already released an official workaround and will hopefully release a permanent patch soon. As handy as Microsoft's proprietary ms-xxxx URLs are, the fact that they are designed to automatically start processes when certain file types are opened or even just previewed is clearly a security risk.

In addition, a commonly accepted mitigation in the community is simply to break the association between ms-msdt: URLs and the MSDT.EXE utility. A further description of the vulnerability can be found in an initial report from Sophos.

More at BSI.bund.de

 


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


 
