Oh Follina, Why Oh Why, Oh Follina
One of the biggest challenges everyone faces when using Information Technology Resources, whether a PC, a Server or even a Networking Device - is security vulnerabilities, that security researchers keep looking for. Whiel it is easy for someone to say - Hey would an attacker attack me, but the current status of these attacks are not designed to target an individual or an organisation, in case you have a vulnerable system, you are prone to attack, and the latest confirmation by Microsoft about the Vulnerability found in Microsoft Support Diagnostic Tool, that can be trigged by an Email, is something you should immediately have IT team members look into, in case you use Microsoft Office. If you are interested in how to stay safe, and not worry about these threats in the future, talk to us about our Asset and Patch Management Service.
"Zero-day" is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems.
- What is the Follina Bug, and How does it Work
- What can you do, Right now?
- I have Microsoft Defender Antivirus, Am I not Secured?
- Is there something I should Avoid?
A Follina application comes via email in a DOC File, that References an https looking URL That gets downloaded, and references an HTML File with some Java Script Code, that actiates MSDT (Microsoft SUpport Diagnostic Tool) to run Untrusted code, giving remot eaccess to be able to read / write / delete to your system.
Microsoft has isssued an advisory, that reuqires a Registry Key setting to be done. You will need to have Adminstrative Privileges, to do this. You should also ensure all your Operating Systems, and Applications are updated, and have all software and utillities licenced properly with the latest updates.
Over the years the popularity of using Microsoft Defender Antivirus has grown, and yes in this specific case there is a point where it can hel you be protected, make sure you turn on th ecloud-delivered protection and automatic sample submissio - but a good investment shoudl be made in an End Point Security that helps you stay secure against Zero Day Attacks.
Make a habbit of not opening every attachment you get, and avoid opening attachments from unknown senders. Before you open an attachment, make a habbit of scanning them with an Antivirus. Though a point to note here is “Detection is probably not going to be great, as Word loads the malicious code from a remote template (webserver), so nothing in the Word document is actually malicious,”
You can always take it easy and outsource your Asset & Patch Management to System3's Professional Team - Making sure all your IT Assets are Protected from Zero Day Threats.