theadepti
Posted October 24, 2023

How does Follina or any such exploit make use of the Diagnostics to enter the system?

dEEpEst
Posted October 24, 2023

How attackers exploit the CVE-2022-30190 vulnerability

As an example of an attack, the researchers who discovered it describe the following scenario:

1. Attackers create a malicious MS Office document and somehow deliver it to the victim. The most common way to do this is via an email with a malicious attachment, embellished with some classic social engineering trick to convince the recipient to open the file. Something like: “Urgently review the contract, it will be signed tomorrow morning” usually works.
2. The infected file contains a link to an HTML file containing JavaScript code that executes malicious code on the command line via MSDT.
3. When the exploit is successful, the attackers gain control to install programs, view, modify or destroy data, as well as create new accounts - that is, do everything that the victim's privileges on the system allow.

How to protect yourself

Wait for the patch. In the meantime, Microsoft recommends disabling the MSDT URL protocol. To do this, you must run a command line with administrator rights and run the command

[hidden content]

Before doing this, it is recommended to back up the registry by running

[hidden content]

This way, you can quickly restore the registry with the [hidden content] command when this solution is no longer needed. However, this is only a temporary fix and as soon as it is available, you will need to install the update that closes the Follina vulnerability.

Detecting the Follina Exploit

Mitigation

Is there an update available to address this vulnerability?

Yes, the updates are available. Microsoft recommends installing the June updates as soon as possible.

[hidden content]
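
Added example, not part of the posts above and not code from Microsoft or the researchers: a defender-side check for the process chain the answer describes, an Office document causing MSDT to run. It assumes process-creation events with hypothetical field names (host, parent, image); the sample events are constructed, and the second rule, which relies on sdiagnhost.exe being the Windows process that hosts troubleshooting packs, is a heuristic added here.

```python
import ntpath

# Constructed process-creation events (Sysmon Event ID 1 style); not real telemetry.
# Field names "host", "parent" and "image" are assumptions made for this example.
SAMPLE_EVENTS = [
    {"host": "WS01",  # Office document opening the troubleshooter
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\msdt.exe"},
    {"host": "WS01",  # diagnostic host starting a command interpreter
     "parent": r"C:\Windows\System32\sdiagnhost.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS02",  # user starts a troubleshooter from the shell: expected
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msdt.exe"},
    {"host": "WS03",  # Word starting its print helper: expected
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe"},
]

# Office applications that can open a document (assumed list, extend as needed).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "msaccess.exe", "mspub.exe"}
# Interpreters a troubleshooting pack has no routine reason to start (assumed list).
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path, on any OS."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return the name of the matching rule, or None."""
    parent, child = exe_name(event["parent"]), exe_name(event["image"])
    if parent in OFFICE_PARENTS and child == "msdt.exe":
        return "office-spawned-msdt"
    if parent == "sdiagnhost.exe" and child in INTERPRETERS:
        return "diagnostic-host-spawned-interpreter"
    return None

def detect(events):
    """List (host, rule) for every event that matches a rule."""
    return [(e["host"], rule) for e in events if (rule := classify(e))]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

Both rules key on parent and child process names only, so they apply to any EDR or Sysmon export that records the parent image.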