The exploit is being used for financial extortion, among other things. They might download malicious software, leak files, and do pretty much everything else.īeaumont has shared plenty of examples of the way Follina has already been exploited and found in various files. Once the attacker gains control of your computer via MSDT, it’s up to them as far as what they want to do. As long as you view it in File Explorer, Follina can be executed. rtf files, the exploit can run even if you don’t open the file. Unfortunately, in this case, it also grants remote access to your computer, which helps the exploit take control of it. Under regular circumstances, MSDT is a safe tool that Microsoft uses to debug various issues for Windows users. Follina relies on this in order to enter the computer and then runs a series of commands that opens up MSDT. A feature in MS Word called Templates allows the program to load and execute code from external sources. rtf files, but other MS Word files can also be affected. Although no patch has been released for it just yet, Microsoft’s workaround involves disabling the Microsoft Support Diagnostic Tool (MSDT), which is how the exploit gets entry into the attacked computer. It first came to light on May 27 through a tweet by nao_sec, although Microsoft allegedly first heard of it as early as April. The vulnerability has been dubbed Follina by one of the researchers who first looked into it - Kevin Beaumont, who also wrote a lengthy post about it. This PowerPoint ploy could help hackers empty your bank account Hackers are sending malware through seemingly innocent Microsoft Teams messages Update your Apple devices now to fix these dangerous exploits
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |