Microsoft patches Follina threat in latest Patch Tuesday release

Date:
Wed, 15 Jun 2022 19:03:32 +0000

Description:
Microsoft urges everyone to patch systems as soon as possible or face atatck.

FULL STORY ======================================================================

Microsoft has just pushed its June 2022 cumulative update for Windows, including a patch for the dreaded Follina vulnerability.

"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action," Microsoft said in its advisory.

Discovered by cybersecurity expert Kevin Beaumont, and dubbed Follina, the flaw leverages a Windows utility called msdt.exe, designed to run different troubleshooter packs on Windows. The researcher found that when the victim downloads a weaponized Word file, they dont even need to run it, previewing
it in Windows Explorer is enough for the tool to be abused (it has to be an RTF file, though).

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Follina abused in the wild

By abusing this utility, the attackers are able to tell the target endpoint
to call an HTML file, from a remote URL. The attackers have chosen the xmlformats[.]com domain, probably trying to hide behind the similar-looking, albeit legitimate, openxmlformats.org domain used in most Word documents.

The HTML file holds plenty of junk, which obfuscates its true purpose - a script that downloads and executes a payload.

Microsofts fix doesnt prevent Office from loading Windows protocol URI handlers automatically and without user interaction, but it does block PowerShell injection, thus rendering the attack useless. Read more

Watch out for this dangerous new Microsoft Word scam, Office users warned

This dangerous Microsoft Office zero-day is now being exploited in the

wild

Windows Follina zero-day now being abused to infect PCs with Qbot malware

As soon as it was discovered, researchers started spotting the flaw being abused in the wild. Among its earliest adopters, allegedly, were Chinese state-sponsored threat actors, mounting cyberattacks against the
international Tibetan community.

"TA413 CN APT spotted ITW exploiting the Follina 0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique," cybersecurity researchers from Proofpoint said two weeks ago. The same
company also found Follina being abused by another threat actor, TA570, to distribute Qbot, while NCC Group found it being further abused by Black
Basta, which is a known ransomware group.

Via: BleepingComputer



======================================================================
Link to news story: https://www.techradar.com/news/microsoft-patches-follina-threat-in-latest-patc h-tuesday-release/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)