Who is Follina and What Has She Done With Microsoft?
Meet Follina. She’s an online bug or vulnerability that lets attackers run malicious code remotely in order to manipulate a user’s programs and data. And she’s got her hands on Microsoft.
The discovery of Follina
The vulnerability, a zero-day remote code execution (RCE) flaw, was discovered in the Microsoft Support Diagnostic Tool (MSDT) on May 27th this year.
It was found lurking in a Microsoft Word document thanks to a virus scanning tool, VirusTotal. After some more digging from Microsoft, it turned out the vulnerability had also been reported back in April, with the newer remote code execution vulnerability reportedly used to target US and European government personnel, as well as a major telecommunications provider here in Australia. We can’t see which company has been attacked, so it looks like they’re keeping this pretty tightly under wraps.
The dangers of the vulnerability
Microsoft said about Follina (which, by the way, is named after the Italian village that shares an area code with the vulnerability’s reference number):
“An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”
Follina has been labelled as “critical” by the Australian Government’s Cyber Security Centre. The ACSC also said it was aware that the vulnerability was being used to target local Aussie organisations.
When the flaw was first discovered, Microsoft reportedly tagged it as not a “security-related issue”. However, they later went on to say the issue had been fixed, although they didn’t announce an official patch there and then.
More recently, though, Microsoft has made a patch available to protect users against Follina once and for all. Their June 14th Windows Security Update included vulnerability patches, and it’s recommended that users install the updates to close the gap on Follina. If your system is set up to automatically update, you’re good to go - you shouldn’t need to do anything.
As a further helping hand, Microsoft published a list of their products that were affected by Follina. If you’re using any of these products, install the June updates as soon as you can.
What’s Follina up to these days?
Now that there’s a security patch against the abuse of Follina, does that mean your business’ accounts and data are all safe? Pretty much. The fix blocks the PowerShell injection (PowerShell is a scripting language used for automation), which means any attempted attacks are useless.
But just because we’re protected against this version of Follina, that doesn’t mean other bugs or vulnerabilities won’t show their face. We could see the next generation of Follina, and other online threats are popping up all the time.
That means practising solid IT security - especially if you run a business - is critical.