• Login
No Result
View All Result
My Blog
  • Home
  • World
  • Politics
  • Business
  • Science
  • Tech
    Meet Some Indian Startups On This Journey

    Meet Some Indian Startups On This Journey

    Power Up: Anker GaNPrime Charger

    Power Up: Anker GaNPrime Charger

    The Dark Side of ChatGPT: Employees & Businesses Need to Prepare Now

    The Dark Side of ChatGPT: Employees & Businesses Need to Prepare Now

    How AI and ML Are Making Digital Lending More Flexible For the MSME Sector

    How AI and ML Are Making Digital Lending More Flexible For the MSME Sector

    Samsung To Manufacture Premium Galaxy S23 Smartphones In India

    Samsung To Manufacture Premium Galaxy S23 Smartphones In India

    How Start-Ups are Helping Reinvent Maritime Shipping Industry

    How Start-Ups are Helping Reinvent Maritime Shipping Industry

    Trending Tags

    • Sillicon Valley
    • Climate Change
    • Election Results
    • Flat Earth
    • Golden Globes
    • MotoGP 2017
    • Mr. Robot
  • Entertainment
    • All
    • Movie
    • Music
    • Sports
    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    The January 6 Hearings Are Fighting for Your Attention

    The January 6 Hearings Are Fighting for Your Attention

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    Big Tech Has Become a Creature of the Swamp

    Big Tech Has Become a Creature of the Swamp

    Sea to Summit Alto TR1 Review: A Fantastic Ultralight Tent

    Sea to Summit Alto TR1 Review: A Fantastic Ultralight Tent

    Prediction Engines Are Like Karma: You Get What You Stream

    Prediction Engines Are Like Karma: You Get What You Stream

    ‘The Quarry’ Lets You Experience What’s Great About Slasher Films

    ‘The Quarry’ Lets You Experience What’s Great About Slasher Films

    Summer Game Fest’s Biggest Announcement? A ‘Last of Us’ Remake

    Summer Game Fest’s Biggest Announcement? A ‘Last of Us’ Remake

  • Lifestyle
    • All
    • Fashion
    • Health
    • Travel
    nurse

    Everything You Need To Know About Nurse Residency

    Drug detox

    Are you the right candidate for medical detox?

    The Benefit of Using Sunscreen Protection

    The Benefit of Using Sunscreen Protection

    Gift Ideas for Celebrating a Loved One’s College Acceptance

    Gift Ideas for Celebrating a Loved One’s College Acceptance

    What are the major reasons to form gall bladder stones?

    What are the major reasons to form gall bladder stones?

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    The January 6 Hearings Are Fighting for Your Attention

    The January 6 Hearings Are Fighting for Your Attention

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    Big Tech Has Become a Creature of the Swamp

    Big Tech Has Become a Creature of the Swamp

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
  • More
    • Directions
  • Home
  • World
  • Politics
  • Business
  • Science
  • Tech
    Meet Some Indian Startups On This Journey

    Meet Some Indian Startups On This Journey

    Power Up: Anker GaNPrime Charger

    Power Up: Anker GaNPrime Charger

    The Dark Side of ChatGPT: Employees & Businesses Need to Prepare Now

    The Dark Side of ChatGPT: Employees & Businesses Need to Prepare Now

    How AI and ML Are Making Digital Lending More Flexible For the MSME Sector

    How AI and ML Are Making Digital Lending More Flexible For the MSME Sector

    Samsung To Manufacture Premium Galaxy S23 Smartphones In India

    Samsung To Manufacture Premium Galaxy S23 Smartphones In India

    How Start-Ups are Helping Reinvent Maritime Shipping Industry

    How Start-Ups are Helping Reinvent Maritime Shipping Industry

    Trending Tags

    • Sillicon Valley
    • Climate Change
    • Election Results
    • Flat Earth
    • Golden Globes
    • MotoGP 2017
    • Mr. Robot
  • Entertainment
    • All
    • Movie
    • Music
    • Sports
    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    The January 6 Hearings Are Fighting for Your Attention

    The January 6 Hearings Are Fighting for Your Attention

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    Big Tech Has Become a Creature of the Swamp

    Big Tech Has Become a Creature of the Swamp

    Sea to Summit Alto TR1 Review: A Fantastic Ultralight Tent

    Sea to Summit Alto TR1 Review: A Fantastic Ultralight Tent

    Prediction Engines Are Like Karma: You Get What You Stream

    Prediction Engines Are Like Karma: You Get What You Stream

    ‘The Quarry’ Lets You Experience What’s Great About Slasher Films

    ‘The Quarry’ Lets You Experience What’s Great About Slasher Films

    Summer Game Fest’s Biggest Announcement? A ‘Last of Us’ Remake

    Summer Game Fest’s Biggest Announcement? A ‘Last of Us’ Remake

  • Lifestyle
    • All
    • Fashion
    • Health
    • Travel
    nurse

    Everything You Need To Know About Nurse Residency

    Drug detox

    Are you the right candidate for medical detox?

    The Benefit of Using Sunscreen Protection

    The Benefit of Using Sunscreen Protection

    Gift Ideas for Celebrating a Loved One’s College Acceptance

    Gift Ideas for Celebrating a Loved One’s College Acceptance

    What are the major reasons to form gall bladder stones?

    What are the major reasons to form gall bladder stones?

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    The ‘Dune’ Miniseries Is a Fascinating Piece of History

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    Coinbase Offered Them Dream Jobs—and Then Took Them Away

    The January 6 Hearings Are Fighting for Your Attention

    The January 6 Hearings Are Fighting for Your Attention

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    12 Best Messenger Bags (2022): Crossbody, Slings, Shoulder Bags

    Big Tech Has Become a Creature of the Swamp

    Big Tech Has Become a Creature of the Swamp

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
  • More
    • Directions
No Result
View All Result
My Blog
No Result
View All Result
Home National

Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365

by lacygibson
June 3, 2022
in National, World
0
Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter


Researchers have final warning Over the weekend, a vulnerability in Microsoft’s support diagnostic tool could be exploited to remotely control a target device using a malicious Word document.Microsoft Publishing Guidelines Monday, including temporary defensive measures.As of Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency has warn “A remote, unauthenticated attacker could exploit this vulnerability,” dubbed Follina, “to take control of an affected system.” But Microsoft would not say when or if a patch for the flaw will be released, although the company has acknowledged the flaw. Being actively exploited by attackers in the wild. When asked by WIRED yesterday, the company still had no comment on the possibility of a patch.

The Follina vulnerability in the Windows Support Tools could easily be exploited by a specially crafted Word document. The lure is equipped with a remote template that retrieves malicious HTML files and ultimately allows attackers to execute Powershell commands in Windows. The researchers noted that they described the vulnerability as a “zero-day” or a previously unknown vulnerability, but Microsoft did not classify it as such.

Tom Hegel, a senior threat researcher at security firm SentinelOne, said: “As the public learns more about the vulnerability, we’re starting to see immediate responses from various attackers who start using it.” Attackers have been observed exploiting the vulnerability through malicious documents, but researchers have also discovered other methods, including manipulating HTML content in web traffic.

“While malicious documentation methods are very concerning, the less documented methods that can trigger exploits are troubling until patched,” Hegel said. “I expect opportunistic and targeted threat actors to use this vulnerability in various ways when options are available – it’s too easy.”

The vulnerability exists in all supported Windows versions and can be exploited through Microsoft Office 365, Office 2013 to 2019, Office 2021, and Office ProPlus. The main mitigations proposed by Microsoft include disabling specific protocols in the Support Diagnostic Tool and using Microsoft Defender Antivirus to monitor and block exploits.

But incident responders say more action is needed given how easy it is to exploit the vulnerability and how much malicious activity was detected.

Michael Raggi, an employee threat researcher at Proofpoint, a security firm focused on Chinese state-backed hackers, said: “We’re seeing various APT actors integrate this technique into longer infection chains that exploit the Follina vulnerability.” For example, in 2022 On May 30, we observed Chinese APT actor TA413 sending a malicious URL in an email posing as the Central Tibetan Administration. Different actors insert Follina-related files at different stages of their infection chain, depending on their pre-existing toolkit and deployed strategy. “

The researchers also seen malicious file exploit Follina is targeting Russia, India, the Philippines, Belarus and Nepal.First Undergraduate Researcher The flaw was noticed in August 2020, but it was first reported to Microsoft on April 21. The researchers also noted that the Follina hacks were particularly useful to attackers because they could be extracted from malicious documents without relying on macros, an abused Office document feature that Microsoft has been working hard to control.

Sherrod DeGrippo, vice president of threat research at Proofpoint, said: “Proofpoint has identified a variety of actors involved in the Follina vulnerability in phishing campaigns.”

For all these real-world exploits, the question is whether the guidance Microsoft has issued so far is sufficient and proportional to the risk.

“Security teams can view Microsoft’s indifferent approach as a sign that it’s ‘just another vulnerability,'” said Jake Williams, director of cyber threat intelligence at security firm Scythe. “It’s not clear why Microsoft continues to downplay this vulnerability,” he said. Especially when it’s actively exploited in the wild.”



Tags: ExploitedFollinahacker attackmalicious softwareMicrosoftOfficeSafetyVulnerabilityWindows
lacygibson

lacygibson

Next Post
13 Best Hair Straighteners We’ve Tested (2022): Flat Irons, Hot Combs, and Straightening Brushes

13 Best Hair Straighteners We've Tested (2022): Flat Irons, Hot Combs, and Straightening Brushes

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Analog Devices Stock is a Defensive Semiconductor Play

Analog Devices Stock is a Defensive Semiconductor Play

9 months ago
After Hearing “No” Dozens of Times This Entrepreneur Became Orlando’s First $1 Billion Fintech Unicorn

After Hearing “No” Dozens of Times This Entrepreneur Became Orlando’s First $1 Billion Fintech Unicorn

9 months ago

Popular News

    Connect with us

    • Contact
    • Read Latest News Around The World – Frapios
    Write Us at: [email protected]

    Copyright Reserved © 2022

    No Result
    View All Result
    • Home
    • Politics
    • World
    • Business
    • Science
    • National
    • Entertainment
    • Gaming
    • Movie
    • Music
    • Sports
    • Fashion
    • Lifestyle
    • Travel
    • Tech
    • Health
    • Food

    Copyright Reserved © 2022

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In