Serious Windows diagnostic tool vulnerability allows hackers to take over a computer

By Erma F. Brown

Jun 1, 2022


An officially confirmed vulnerability in Microsoft Corp.’s Windows Support Diagnostic Tool can allow hackers to run remote code and take over a targeted Windows computer.

Known as CVE-2022-30190 in the Microsoft Support Diagnostic Tool, it was first reported May 27 by Nao Sec and then further detailed May 29 by security researcher Kevin Beaumont, who dubbed it “Follina.” The vulnerability primarily relates to Office but also spills into a core Windows function.

In this case, the vulnerability lets attackers target Windows users with malicious Word documents. The document uses Word’s remote template feature to fetch an HTML file from a remote server, and that HTML file invokes the Microsoft Support Diagnostic Tool’s ms-msdt: URL protocol scheme to download additional code and execute malicious PowerShell code.

Microsoft Word documents with dubious code are not new, but where this gets interesting is that it exploits a previously unknown vulnerability in MSDT. Microsoft has also confirmed the vulnerability.

In a blog post Monday, the Microsoft Security Response Center describes the issue as a remote code execution vulnerability when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

Microsoft’s security team added that the attacker can then install programs, view, change, delete data or create new accounts in the context allowed by the user’s rights.

The immediate workaround is to disable the MSDT URL protocol. This involves running Command Prompt as an Administrator and executing the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
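The same workaround as an added PowerShell script (not from the article or from Microsoft): it backs up the handler key before deleting it so the change can be reverted once a patch is installed, and checks afterwards that the handler is gone. The backup file path and function names are assumptions chosen for this example.

```powershell
# Added example: apply the ms-msdt URL-protocol workaround reversibly.
# Run from an elevated PowerShell session. $BackupFile is an assumed path.
$Key        = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:SystemDrive 'ms-msdt-backup.reg'

function Test-MsdtProtocol {
    # Returns $true while the ms-msdt: handler is still registered.
    return Test-Path -Path "Registry::$Key"
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocol)) {
        Write-Output 'ms-msdt handler already absent; nothing to do.'
        return
    }
    # Export the key first so the deletion can be undone later.
    reg.exe export $Key $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; aborting before deletion.' }
    reg.exe delete $Key /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Deletion of the ms-msdt key failed.' }
    Write-Output "ms-msdt handler removed; backup saved to $BackupFile"
}

function Restore-MsdtProtocol {
    # Reverse the workaround after the fix is installed.
    if (-not (Test-Path -Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Import of the backup failed.' }
    Write-Output 'ms-msdt handler restored.'
}

Disable-MsdtProtocol
if (Test-MsdtProtocol) { Write-Warning 'ms-msdt handler is still present; check permissions.' }
```

Call Restore-MsdtProtocol from the same elevated session to put the handler back once the patch is in place.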

Microsoft also recommends that users of Microsoft Defender Antivirus turn on cloud-delivered protection and automatic sample submission.

“Microsoft Office products present threat actors with an attractive attack surface as employees are constantly working with various documents as part of their job responsibilities,” Anton Ovrutsky, adversarial collaboration engineer at information security consulting firm Lares LLC, told SiliconANGLE. “Although Microsoft has implemented several hardening changes — including disabling macro functionality by default in the latest Office versions — this recent zero-day demonstrates not only the large attack surface found in Office but also the need to properly harden and monitor Office applications on the endpoint level, from a detection and response standpoint.”

Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd., noted that Word and other MS Office documents have been a popular attack vector for a long time.

“Office macros have been a tried-and-true attack vector for years, which is why ‘never trust unsolicited office documents’ is a thing,” Parkin explained. “Macros in office documents lent them great flexibility, but they were also easy for attackers to abuse.”

Alex Ondrick, director of security operations at digital forensics and incident response firm BreachQuest Inc., said attackers use a wide variety of custom scripts, copied code and social engineering attacks to persuade users to interact with their phishing email.

“Microsoft’s handling is concerning, but not surprising — Microsoft seems to be aware that ms-MSDT has a large attack surface and affects a large volume of its customers,” Ondrick said. “Given the historical context of it, I’d imagine that Microsoft is diligently working to get this zero-day under control.”
