Cybersecurity Alert: 'Follina' Zero-Day Vulnerability
What is 'Follina' Zero-Day Vulnerability and how can you protect against it?
Until now, in the overwhelming majority of cases, it was enough to have macros disabled to deal with infected Microsoft Office. However, it is not the case with Follina vulnerability that works completely different - you just need to open a text file to run a dangerous script.
In short, the way it works is that opening a Word document downloads an external HTML file that contains the instruction that executes the msdt.exe command. This is how the MSDT* system tool is launched, with which you can execute any code in PowerShell.
Unfortunately, as of today, no security patch from Microsoft is available. To protect yourself from Follina vulnerability, go to Axence nVision® in:
Users -> All Users -> Atlas Info -> Locks -> Application Blocking → and then block the msdt.exe application.
It is also advisable to create an automatic report displaying the employee's accounts on which msdt.exe was run and checking it on a regular basis. In nVision, such a report can be automatically generated and sent to the indicated e-mail address.
It is also worth considering permanently disabling PowerShell from being run by employees. Our experience shows that the vast majority of organizations do not have such a blockade, and thus, make themselves more vulnerable to potential attacks.
Here’s the way you can do that:
Users -> All Users -> About Atlas -> Locks -> Application Blocking → and then typing powershell.exe.
In this case, it's also a good idea to set up automatic reports showing which computers PowerShell is run on. If you want to find out more information about Follina vulnerability, check out our next article.
*MSDT (Microsoft Support Diagnostic Tool) is an embedded tool used by Windows to report, diagnose, and troubleshoot operating system errors.
Articles in What's New category
Shift up a gear with Axence nVision® 15.5! Crank up your IT to the highest speed!
10/8/2024Infinite Possibilities with Remote Access in Axence nVision® 15.0!
10/8/2024Take Your Network Security to the Next Level with Axence nVision® 14.5!
10/8/2024Join us for Admin Days Global on April 25-27!
10/8/2024CyberSec Day - an event recap
10/8/2024The release of Axence nVision® 14
10/8/2024Cybersecurity Alert: 'Follina' Zero-Day Vulnerability
10/8/2024The premiere of Axence nVision® 13.5
10/8/2024Axence nVision® 12.5 premiere
10/8/2024Axence nVision® 12.1 is available now!
10/8/2024Happy Holidays!
10/8/2024Axence nVision® 12 premiere today!
10/8/2024