
CVE-2022-30190 - "Follina"

alex303 (Moderator, Editor, Super Moderator; joined 19.04.2005)
I'm surprised that nobody has started a discussion on this topic, so I'll be the first. So, Follina is an MS Office exploit that enables remote code execution on the Windows platform via MS Word documents. It doesn't use macros; it's enough just to open the document, and that's it. To make matters worse, if RTF documents are used, it's enough to open the folder containing the "infected" document and the exploit is triggered. So not even opening the document is required, which is a frightening fact. Since the exploit uses legitimate mechanisms in the Windows operating system, no antivirus sees this as a threat, nor is there a patch that fixes it.

More details and demonstration

Cheerful indeed - from "watch where you click" to "watch out"

From the Kaspersky site:

How to stay safe

As mentioned above, there’s no patch yet. In the meantime, Microsoft recommends disabling the MSDT URL protocol. To do this, you need to run a command prompt with administrator rights and execute the command reg delete HKEY_CLASSES_ROOT\ms-msdt /f. Before doing this, it’s a good idea to back up the registry by executing reg export HKEY_CLASSES_ROOT\ms-msdt filename. This way you can quickly restore the registry with the reg import filename command as soon as this workaround is no longer needed.

Of course, this is only a temporary measure, and you should install an update that closes the Follina vulnerability as soon as it becomes available.

The described methods of exploiting this vulnerability involve the use of e-mails with malicious attachments and social engineering methods. Therefore, we recommend being even more careful than usual with e-mails from unknown senders — especially with attached MS Office documents. For companies, it makes sense to regularly raise employee awareness about the most relevant hacker tricks.

In addition, all devices with internet access should be equipped with robust security solutions. Even when someone is exploiting an unknown vulnerability, such solutions can prevent malicious code from running on a user’s machine.
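The registry workaround quoted above (export the ms-msdt key, delete it, import it back once a patch is installed) is easy to get wrong on a fleet of machines if it is typed by hand, and there is no single command that tells you whether it has already been applied. The script below is an added example, not code from the forum post, from Kaspersky or from Microsoft: it wraps the same three reg.exe commands in PowerShell functions that back up before deleting, refuse to delete if the backup fails, and report the current state. The backup location under ProgramData is an assumption; run it from an elevated session.

```powershell
# Added example (not from the forum post, Kaspersky or Microsoft): apply, check
# and revert the Microsoft MSDT URL-protocol workaround for CVE-2022-30190.
# Requires an elevated PowerShell session. The backup path is an assumption.

$MsdtKey    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-backup.reg'   # assumed location

function Test-MsdtProtocolRegistered {
    # $true while the ms-msdt: handler is still registered, i.e. the
    # workaround has NOT been applied (or has been reverted).
    return (Test-Path -Path "Registry::$MsdtKey")
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocolRegistered)) {
        Write-Host "ms-msdt handler is already absent; nothing to do."
        return
    }
    # 1. Back up the key first so the change can be reverted later (reg export).
    #    /y overwrites an older backup without prompting.
    reg export $MsdtKey $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $MsdtKey failed; not deleting." }

    # 2. Remove the handler, exactly as the quoted workaround does (reg delete /f).
    reg delete $MsdtKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Deleting $MsdtKey failed." }

    Write-Host "ms-msdt handler removed; backup saved to $BackupFile"
}

function Restore-MsdtProtocol {
    # Revert once the vendor update is installed and the workaround is no longer needed.
    if (-not (Test-Path -Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Restoring $MsdtKey from $BackupFile failed." }
    Write-Host "ms-msdt handler restored from $BackupFile"
}

function Get-MsdtWorkaroundStatus {
    # One-line status suitable for an inventory or compliance check.
    if (Test-MsdtProtocolRegistered) { 'ms-msdt handler present: workaround NOT applied' }
    else                             { 'ms-msdt handler absent: workaround applied' }
}

# Usage (elevated):
#   Disable-MsdtProtocol        # back up, then delete the handler
#   Get-MsdtWorkaroundStatus    # verify on this machine
#   Restore-MsdtProtocol        # revert after patching
```

The status function is the part worth keeping after the patch is out: it gives a quick way to confirm that the temporary deletion was actually reverted, since a machine left without the ms-msdt handler will quietly lose the Support Diagnostic Tool links that the handler serves.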