Follina: MSDT Exploit (CVE-2022-30190) Explained with Detection and Mitigation

Here is another explanation of Follina, the MSDT exploit that Microsoft has assigned CVE-2022-30190.

I have tried to cover it from every angle: timeline, history, demo, mitigation and detection strategies. The bug is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), reported by crazyman of the Shadow Chaser Group; Microsoft now tracks it as CVE-2022-30190. The flaw affects all Windows versions still receiving security updates (Windows 7 and later, Windows Server 2008 and later).

As security researcher nao_sec found, threat actors are abusing it to execute malicious PowerShell commands through MSDT when a victim opens or previews a crafted Word document, in what Microsoft (Redmond) describes as Arbitrary Code Execution (ACE) attacks.

“An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application,” Microsoft explains.
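The detection side of that chain, as an added example that is not part of the original post: a Word process should never need to start msdt.exe, the public Follina sample launches it through the ms-msdt: protocol handler with the PCWDiagnostic troubleshooter's IT_BrowseForFile / IT_RebrowseForFile parameters, and the troubleshooter host sdiagnhost.exe is what ends up spawning PowerShell. The rule below encodes those three observations over process-creation events. It assumes Sysmon Event ID 1 style field names (ParentImage, Image, CommandLine); the sample events are constructed for the example, with the payload text omitted.

```python
import re

# Process names, lowercase. OFFICE_PARENTS: Office apps that have no business
# launching the diagnostic tool. SHELLS: interpreters that sdiagnhost.exe
# (the MSDT troubleshooter host) spawns when a troubleshooter script runs code.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# Command-line shape of the public Follina sample: the ms-msdt: protocol
# handler plus the PCWDiagnostic IT_BrowseForFile / IT_RebrowseForFile params.
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)
BROWSE_PARAM = re.compile(r"IT_(Re)?BrowseForFile", re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path, lowercased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the Follina indicators matched by one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    reasons = []
    if image == "msdt.exe" and parent in OFFICE_PARENTS:
        reasons.append("office-app-spawned-msdt")
    if image == "msdt.exe" and MSDT_URI.search(cmd) and BROWSE_PARAM.search(cmd):
        reasons.append("ms-msdt-browseforfile-cmdline")
    if parent == "sdiagnhost.exe" and image in SHELLS:
        reasons.append("sdiagnhost-spawned-shell")
    return reasons


def scan(events) -> list:
    """Return (index, reasons) for every event matching at least one indicator."""
    hits = []
    for i, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample events (Sysmon Event ID 1 field names); not real telemetry.
SAMPLE_EVENTS = [
    {   # Word launching msdt.exe via the ms-msdt: URI: the Follina chain
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force '
                       r'/param "IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=<payload omitted>"',
    },
    {   # Troubleshooter host spawning PowerShell: the payload stage
        "ParentImage": r"C:\Windows\System32\sdiagnhost.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -NoProfile -Command <omitted>",
    },
    {   # Benign: user started a troubleshooter from Explorer/Settings
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\msdt.exe",
        "CommandLine": r'"C:\Windows\System32\msdt.exe" -id NetworkDiagnosticsWeb',
    },
    {   # Benign: Word spawning its print helper
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\splwow64.exe",
        "CommandLine": r"C:\Windows\splwow64.exe 12288",
    },
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(reasons)}")
```

Only the first two sample events fire; the user-launched troubleshooter and Word's print helper do not, which is the false-positive boundary you want when deploying the parent/child rule. On the mitigation side, Microsoft's published workaround was to disable the ms-msdt: protocol handler (export HKEY_CLASSES_ROOT\ms-msdt with reg export, then remove it with reg delete), and the Defender ASR rule "Block all Office applications from creating child processes" blocks the first link of the chain outright.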

Frank
