Skip to main content

Security Update Available for Microsoft Vulnerability "Follina" (CVE-2022-30190)

CVE-2022-30190, also known as "Follina", is a vulnerability in Microsoft Diagnostic Tool (MSDT) that allows remote code execution via multiple applications such as Microsoft Word

Threat ID:
CC-4110
Threat Severity:
Medium
Published:
15 June 2022 1:26 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2022-30190, also known as "Follina", is a vulnerability in Microsoft Diagnostic Tool (MSDT) that allows remote code execution via multiple applications such as Microsoft Word

Affected platforms

The following platforms are known to be affected:

Microsoft Windows Server

  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft Windows

  • Windows 11 for x64-based Systems
  • Windows 11 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 Version 20H2 for ARM64-based Systems                                                            
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1

Threat details

Introduction

The vulnerability known as CVE-2022-30190 or "Follina" was publicly disclosed in late May 2022. Microsoft formally acknowledged the vulnerability and released a blog detailing workarounds until an update could be issued. Several Advanced Persistent Threat (APT) groups were seen exploiting this vulnerability in May and June 2022.

This vulnerability evades common protections associated with Office documents, requires minimal user interaction, and could be used by a remote attacker to execute arbitrary code, escalate privileges to fully take over a machine, or deploy additional malware.

Remediation advice

Affected organisations are strongly encouraged to read Cyber Alert CC-4109 regarding the Microsoft June 2022 monthly updates and the Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability page for CVE-2022-30190 and apply the relevant updates as soon as practicable.

Last edited: 15 June 2022 1:26 pm