The 0-day Follina flaw affecting Windows remains unpatched


Nathan Le Gohlisse

Hardware Specialist

June 09, 2022 at 2 p.m.


Logo on the back of the Microsoft Surface Pro 8 // © Nathan Le Gohlisse for Clubic

Eagerly exploited by hackers, the “Follina” 0-day flaw, which affects all versions of Windows, has still not been patched by Microsoft. And at this stage, the firm does not seem to be in much of a hurry to act.

The rant of the week comes from Ars Technica. The specialist site returns to the “Follina” 0-day flaw, which has still not been patched by Microsoft. Discovered last April, this Windows flaw makes it possible to execute code remotely, and with “unusual ease”, on targeted PCs. It is currently being exploited by hackers linked to “known state groups”, explains Ars Technica, which adds that they use malicious documents, sent through spam, to compromise their targets.

“Follina”, an actively exploited flaw

We learn that a dozen or so customers of Proofpoint (a provider of security software), belonging to European governments and American local authorities, have already been hit by attacks attempting to exploit the Follina 0-day flaw. Meanwhile, Kaspersky security researchers report an increase in Follina exploits, most of which have affected the United States, followed by Brazil, Mexico and Russia.

“We expect to see more attempts to exploit Follina to gain access to corporate resources, including ransomware attacks and data breaches,” comment the Kaspersky researchers, quoted by Ars Technica.

Follina's sudden popularity with hackers is due to how easy the flaw is to exploit. Compared to a more typical malicious document attack, compromising a PC with Follina requires significantly less interaction from the targeted user. In the case of a malicious document sent by email, the user does not need to open the document for the machine to be infected. The mere fact that the document appears in a preview window, even with Protected View enabled, can be enough.


A still incomplete response from Microsoft

Despite the enthusiasm of hackers and the concern of security researchers, Microsoft seems a little too unconcerned. Last week, the firm did acknowledge the existence of the Follina flaw, assigning it the tracking number CVE-2022-30190 and a rating of 7.8 out of 10 on its severity scale. However, the firm did not release a patch, limiting itself at this stage to providing instructions for disabling MSDT (Microsoft Support Diagnostic Tool), the tool it believes to be the source of the flaw.

“Small teams of security researchers largely take Microsoft’s nonchalant approach as a sign that this is ‘one more vulnerability’, which it certainly isn’t,” said Jake Williams, Director of Cyber Threat Research at Scythe. “Why Microsoft continues to downplay this vulnerability, which is being actively exploited, is unclear. It certainly does not help security teams,” he continues.

For the time being, and in the absence of more vigorous measures from Microsoft, targeted organizations, governments and companies can rely only on themselves, their vigilance and their own security protocols.


Sources: Ars Technica, Kaspersky


