Beginning in June, the researchers in the nao_sec team found the Follina zero-day vulnerability, which allows remote code execution on Windows machines.
Interesting maldoc was submitted from Belarus. It uses Word’s external link to load the HTML and then uses the “ms-msdt” scheme to execute PowerShell code.https://t.co/hTdAfHOUx3 pic.twitter.com/rVSb02ZTwt
— nao_sec (@nao_sec) May 27, 2022
The vulnerability allows code to be run remotely on Windows systems. In some cases, the attack can be successful even if the victim does not open the file but only uses the preview feature or opens it in safe mode. The vulnerability, which the researchers named Follina, was later renamed CVE-2022.
June 14With the Windows security update released in 2022 Microsoft Support Diagnostics It closed the vulnerability related to Utility.
