Microsoft Zero-Day Exposure under Assault; Sector Awaits Patch Release

Malicious actors have been leveraging the Follina flaw to disseminate malicious software, according to findings by Proofpoint experts.

Vulnerability in Microsoft software under assault; community is on edge, awaiting solution

In the digital landscape, a new threat has emerged, dubbed "Follina," a zero-day vulnerability affecting Microsoft Office applications. This potential global menace, if exploited, could cause significant impacts across various sectors.

First reported in April, the Follina vulnerability (CVE-2022-30190) has been under scrutiny by cybersecurity researchers. Initially, it was found to affect Microsoft Word and Outlook, but further investigation revealed that any Office document handling OLEObject relationships is susceptible. This broadens the scope of potential threats, making businesses worldwide vulnerable.

Proofpoint researchers have been at the forefront of uncovering the exploitation of the Follina vulnerability. On June 6, 2022, they blocked a phishing campaign from a suspected state-aligned threat actor attempting to exploit this vulnerability. By June 8, TA570 threat actors were identified as exploiting the Follina vulnerability to deliver Qbot malware.

TA413, a persistent threat actor linked to China, has also been found using URLs to deliver Zip archives with Word documents, aiming to exploit the Follina vulnerability. TA413 has historically targeted dissidents linked to Tibet and European diplomatic and non-profit organisations.

The danger posed by the Follina vulnerability lies in its execution. Users can potentially trigger the exploit by previewing a document in Windows Explorer, eliminating the need for a full download. This ease of execution makes it a concerning threat for organisations that still rely on opening attachments to conduct business.

Microsoft has issued workarounds for the vulnerability but has yet to release a fix. However, they have released security updates and advisories to mitigate risks, and users are advised to apply these patches promptly to protect their systems.

As corporate stakeholders grapple with understanding the risk calculus of their technology stacks, the question on everyone's mind is: Are we a target? The damage could be significant, and the impact is global, according to cybersecurity expert Johannes Ullrich.

In theory, the vulnerability could be exploited in other Office applications in the future, according to Nikolas Cemerikic. Therefore, it is crucial for organisations to remain vigilant and proactive in their cybersecurity measures.

The most common method of delivering Follina is through email campaigns with attached files. As always, it is essential to exercise caution when opening attachments, especially from unknown sources. Stay informed, stay safe.