Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Microsoft has released a workaround for a critical zero-day flaw that is reportedly being actively exploited by threat actors. Dubbed ‘Follina,’ the vulnerability was originally identified in April and has been leveraged by attackers to target organizations in Russia and Tibet. The flaw is tracked as CVE-2022-3019 and is a remote code execution (RCE) vulnerability associated with the Microsoft Diagnostic Tool (MSDT). MSDT collects information about bugs in Microsoft’s products and submits a report to Microsoft Support. According to security researchers at Microsoft, if the bug is successfully exploited, attackers can install programs; view, change, and delete data; create new accounts; and perform other admin-level actions.
The recently released workaround comes six weeks after the vulnerability was first identified; Microsoft did not initially see the flaw as a serious issue. The flaw was revisited when Japanese security vendor Nao Sec tweeted new warnings about it over the weekend, stating that it was now being used to target users in Belarus. Malwarebytes Threat Intelligence also spotted the flaw a few months ago but was unable to fully identify it. Microsoft has not yet developed a patch, but the workaround mitigates the risks for now.