Follina (CVE-2022-30190): Greenbone Enterprise and Community Feed coverage

Coverage for Follina CVE-2022-30190 has been implemented and included this afternoon (Jun 3, 2022 CET Timezone) with an additional feed update (Feed-Version: 202206031133).

A flaw has surfaced in Microsoft Office that allows attackers to remotely execute malicious code on the systems of attacked users using manipulated documents. Greenbone has added an appropriate authentication test to the Greenbone Enterprise and Community Feeds to defend against attacks against the new Follina vulnerability in Microsoft Office.

The CVE, named “Follina,” is critical and requires immediate action: simply opening Word documents can give attackers access to your resources. Because a flaw in Microsoft Office allows attackers to download templates from the Internet via ms-msdt:-URI handler at the first click, attackers can create manipulated documents that, in the worst case, can take over entire client systems or spy on credentials.

According to Microsoft, the “protected view” offers protection. However, because users can deactivate this with just one click, the US manufacturer advises deactivating the entire URL handler via a registry entry.

As of today, all Office versions seem to be affected.

The Greenbone Enterprise and Community Feeds now contains an authenticated check for Microsoft’s proposed workaround, helping you to protect yourself from the impact of the vulnerability.

Our development team is monitoring the release of Microsoft patches and recommendations for further coverage.

Original post from the Greenbone Blog in English and German.
The forum discussion thread is here.

2 Likes