Microsoft Acknowledges Vulnerability via Microsoft Diagnostics Tool
Wednesday, June 22, 2022 - In a recent announcement, Microsoft acknowledged a vulnerability
in its diagnostics tool that could leave Microsoft Office users open to infiltration by
cyber-attackers.
Microsoft is the world's largest information technology and software provider for personal
consumers and businesses. This makes it an ongoing target for attacks that exploit
vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has stated
that over one-third of all vulnerability attacks occurring this year have targeted flaws in
Microsoft systems.
In the recent security advisory for CVE-2022-30190, also called Follina, Microsoft described the
vulnerability as a remote code execution (RCE) flaw that exists when the Microsoft Diagnostics
Tool (MSDT) is called using the URL protocol from an application like Microsoft Word. The
vulnerability can be used to achieve code execution when a Word document is opened or even
just previewed. In addition, exploitation can occur even if macros are disabled, and Windows
Defender has been shown to be ineffective at blocking it.
MSDT is a Microsoft application that automatically collects diagnostic information and sends
it to Microsoft when something goes wrong within Windows. Because this application can also be
called from Microsoft Word, a potential attack can affect both desktop systems and servers.
What Does This Mean For You?
When an attacker successfully exploits the vulnerability, they can run code with the privileges
of the application. This means the attacker can access or even delete data, view and change
things within the program, install additional programs, and even create new accounts, all within
the limits set by the user’s rights. All this is done without the person even knowing they’ve
been compromised.
Research has shown that Microsoft Office versions from 2013, 2016, 2019, 2021, and even some
versions of the Microsoft 365 license have been compromised. This has occurred on
Microsoft Windows 10 and 11.
How Does This Happen?
The attacker sends an infected file to an unsuspecting user. Generally using social
engineering tactics, the attacker gets the user to open or preview the document. This could be in
the format of .doc, .docx, or even .rtf. Within that document is the malicious HTML code. When
the person opens the document, or even previews it without opening it, the malicious
HTML containing the MSDT scheme is released. The code is unknowingly executed, and the
person's system or even their servers are now infected and compromised. The attacker can now
install malware, leak data, and more.
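As an added example (not part of the original advisory and not Microsoft tooling), here is a small Python check that a mail or file gateway could run to flag documents referencing the ms-msdt: URL scheme described above. It unpacks .docx containers because their parts are compressed, so a plain byte search of the file would miss the string; the sample inputs, the PLACEHOLDER text and the size cap are constructed assumptions.

```python
import io
import re
import zipfile

# Case-insensitive match for the MSDT URL scheme named in the advisory.
MSDT_SCHEME = re.compile(rb"ms-msdt\s*:", re.IGNORECASE)
# Assumed cap so a crafted archive cannot exhaust memory; larger parts are skipped.
MAX_MEMBER_BYTES = 20 * 1024 * 1024


def find_msdt_references(data):
    """Return where the ms-msdt: scheme appears in a document's bytes.

    "<raw>" is the file itself (.doc, .rtf, HTML); other entries are the
    names of parts inside an OOXML (.docx) zip container.
    """
    hits = []
    if MSDT_SCHEME.search(data):
        hits.append("<raw>")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            with archive.open(info) as member:
                content = member.read(MAX_MEMBER_BYTES + 1)
            if MSDT_SCHEME.search(content):
                hits.append(info.filename)
    return hits


def constructed_docx(part_body):
    """Build a minimal in-memory .docx-like zip (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", b"<Types/>")
        archive.writestr("word/document.xml", part_body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; PLACEHOLDER stands in for any real handler arguments.
    filler = b"<p>quarterly report text</p>" * 20
    samples = {
        "flagged.docx": constructed_docx(filler + b'<a href="MS-MSDT:PLACEHOLDER">x</a>'),
        "clean.docx": constructed_docx(filler),
        "note.rtf": rb"{\rtf1 see ms-msdt:PLACEHOLDER}",
    }
    for name, blob in samples.items():
        print(name, find_msdt_references(blob))
```

A hit is a reason to quarantine the file for review, not proof of compromise, and a clean result does not replace applying the updates.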
What Can I Do to Protect Myself?
It’s important to protect your system(s) right away. First, take great care when opening
attachments in emails, especially from unknown users. Since the attackers are using social
engineering as an entryway into your system, be aware of who the emails are coming from.
Microsoft recommends applying the latest updates available. You can learn more about these
updates and the CVE-2022-30190 vulnerability by visiting
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190.