First published: 31 May 2022
Last updated: 15 Jun 2022

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Background / What has happened?

UPDATE: A patch for this vulnerability has been released as part of Microsoft’s June 2022 cumulative Windows Updates (aka Patch Tuesday). Affected organisations are encouraged to patch immediately.

On 31 May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability, dubbed Follina, can be exploited when an attacker causes MSDT to be called using the URL protocol from a calling application such as Word. Successful exploitation allows an attacker to install programs, view or change data, or create new accounts, within the limits of the victim’s user permissions.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of the Follina vulnerability targeting Australian organisations.

Proof-of-concept code to exploit the Follina vulnerability is available online and has been integrated into common exploitation frameworks and tools. Disabling Microsoft Office macros does not prevent exploitation of this vulnerability.

Mitigation / How do I stay secure?

Microsoft has published a list of all affected products as part of their Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability security update guide. Australian users of any of the affected products should ensure all relevant patches are installed as soon as possible.

Microsoft Windows users should continue to monitor Microsoft’s website for updates and future vulnerabilities.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).
