In a Twitter thread, anti-phishing extension provider Wallet Guard stated that the vulnerability could enable malicious actors to take control of the victim’s computer without the file being opened. Additionally, the exploit is not complicated and cannot be detected by antivirus software.
How Follina impacts computers
The attack works by using Microsoft Office documents to invoke the Microsoft Diagnostics Tool (MSDT) file handler. Attackers might leverage phishing or social engineering to get users to open an attached file and, from that point, gain access to the victim’s entire system.

In response to the vulnerability, Microsoft had earlier published guidance alongside a security update under CVE-2022-30190. In a blog post, Microsoft acknowledged that attackers could use the vulnerability to install programs, view, change or delete data, or create new accounts.

Users leveraging the Microsoft Cloud-Delivered Protection Service have a high chance of remaining safe; however, the researchers recommended disabling the MSDT URL Protocol as a workaround to prevent troubleshooters from being launched as links. To stay safe, Wallet Guard also suggested that users of Microsoft Defender’s Attack Surface Reduction (ASR) set the “Block all Office Applications from creating child processes” rule to “Block mode.” The researchers warned against blindly downloading .doc, .docx, and .rtf files and recommended using PDF documents and other options like Google documents instead.

Additionally, the threat was acknowledged by the United States government through the Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability’s detection comes after a recent report revealed that in 2021, total Microsoft malware dropped by 5% to 1,212 from 2020’s figure of 1,268.
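The two mitigations described above (disabling the MSDT URL protocol and setting the Office child-process ASR rule to Block) can be audited on a Windows host with the read-only PowerShell script below. It is an added example, not code from the article or from Wallet Guard; the registry path and the ASR rule GUID are assumptions taken from Microsoft's public documentation, not from this page.

```powershell
# Read-only audit of the two Follina (CVE-2022-30190) mitigations.
# Assumptions (not stated in the article): the ms-msdt class key path and
# the ASR rule GUID come from Microsoft's public documentation.
# This checks the workarounds only; it does not verify patch level.

# "Block all Office applications from creating child processes"
$AsrOfficeChildProc = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
$AsrActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Test-MsdtProtocolRegistered {
    # The ms-msdt: URL scheme can be launched while this class key exists.
    # The Registry:: provider prefix avoids needing an HKCR: drive.
    return Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
}

function Get-AsrRuleAction {
    param([Parameter(Mandatory)][string]$RuleId)

    # Get-MpPreference is missing when Defender is not installed or is
    # replaced by another product; report that instead of failing.
    try { $pref = Get-MpPreference -ErrorAction Stop }
    catch { return 'Unknown (Defender cmdlets unavailable)' }

    # Rule IDs and actions are parallel arrays; either may be $null.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $a = [int]$actions[$i]
            if ($AsrActionNames.ContainsKey($a)) { return $AsrActionNames[$a] }
            return "Unrecognized ($a)"
        }
    }
    return 'Not configured'
}

$msdtRegistered = Test-MsdtProtocolRegistered
$asrAction      = Get-AsrRuleAction -RuleId $AsrOfficeChildProc

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    MsdtUrlProtocol        = if ($msdtRegistered) { 'Registered (workaround not applied)' } else { 'Not registered' }
    OfficeChildProcessRule = $asrAction
    # True when at least one of the two mitigations is in place.
    WorkaroundInPlace      = (-not $msdtRegistered) -or ($asrAction -eq 'Block')
}
```

An ASR result of “Audit” or “Warn” means the rule only logs or prompts, so it does not count as the “Block mode” setting recommended above.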