Dorian Pożyczka

Cybersecurity Alert: 'Follina' Zero-Day Vulnerability

What is 'Follina' Zero-Day Vulnerability and how can you protect against it?

Until now, in the overwhelming majority of cases, having macros disabled was enough to deal with infected Microsoft Office files. That is not the case with the Follina vulnerability, which works completely differently: you just need to open a text file to run a dangerous script.

In short, opening a Word document downloads an external HTML file that contains an instruction that executes the msdt.exe command. This launches the MSDT* system tool, through which any code can be executed in PowerShell.

Unfortunately, as of today, no security patch from Microsoft is available. To protect yourself from the Follina vulnerability, go to the following location in Axence nVision®:

Users -> All Users -> Atlas Info -> Locks -> Application Blocking → and then block the msdt.exe application.

It is also advisable to create an automatic report listing the employee accounts on which msdt.exe was run, and to check it on a regular basis. In nVision, such a report can be generated automatically and sent to a specified e-mail address.

It is also worth considering permanently preventing employees from running PowerShell. Our experience shows that the vast majority of organizations have no such block in place and thus make themselves more vulnerable to potential attacks.

Here's how you can do that:

Users -> All Users -> About Atlas -> Locks -> Application Blocking → and then type powershell.exe.

In this case, it's also a good idea to set up automatic reports showing which computers PowerShell is run on. If you want to find out more information about Follina vulnerability, check out our next article.
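The two reports suggested above (accounts that ran msdt.exe, computers that ran PowerShell) can also be built from process-creation logs. The following is an added example, not Axence or nVision code: it assumes the events were exported to CSV with the hypothetical columns shown, and the sample rows, hosts and users are constructed. Treating Office applications other than Word as suspicious parents goes beyond the Word case the article describes.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (hosts, users and column names are made up): process-creation
# records exported to CSV, e.g. from Windows Security event 4688 or Sysmon event 1.
SAMPLE_CSV = r"""time,host,user,image,parent_image
2022-06-01T09:12:03,WS-014,CORP\akowalski,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,C:\Windows\explorer.exe
2022-06-01T09:12:09,WS-014,CORP\akowalski,C:\Windows\System32\msdt.exe,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
2022-06-01T10:40:51,WS-022,CORP\bnowak,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,C:\Windows\explorer.exe
2022-06-01T11:05:17,WS-031,CORP\bnowak,C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe,C:\Windows\System32\cmd.exe
2022-06-01T13:30:00,WS-040,CORP\cwisniewska,C:\Windows\System32\msdt.exe,C:\Windows\explorer.exe
"""

WATCHED = {"msdt.exe", "powershell.exe"}  # the two binaries the article blocks
# Assumption: Office parents beyond Word are included as a generalization.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path (file names are case-insensitive)."""
    return path.rsplit("\\", 1)[-1].strip().lower()

def build_report(csv_text):
    """Group watched process launches by (binary, account)."""
    report = defaultdict(lambda: {"count": 0, "hosts": set(), "office_parent": False})
    for row in csv.DictReader(io.StringIO(csv_text)):
        image = exe_name(row["image"])
        if image not in WATCHED:
            continue
        entry = report[(image, row["user"])]
        entry["count"] += 1
        entry["hosts"].add(row["host"])
        # msdt.exe started by an Office application matches the chain described above.
        if image == "msdt.exe" and exe_name(row["parent_image"]) in OFFICE_PARENTS:
            entry["office_parent"] = True
    return dict(report)

def format_report(report):
    """One line per (binary, account); msdt.exe launched from Office sorts first."""
    rows = sorted(report.items(), key=lambda kv: (not kv[1]["office_parent"], kv[0]))
    return [
        f"{'REVIEW' if e['office_parent'] else 'info':6} {image:15} {user:20} "
        f"runs={e['count']} hosts={','.join(sorted(e['hosts']))}"
        for (image, user), e in rows
    ]

if __name__ == "__main__":
    print("\n".join(format_report(build_report(SAMPLE_CSV))))
```

An msdt.exe launch whose parent is explorer.exe is still listed, but only the Office-parented launch is marked REVIEW, which keeps legitimate troubleshooter use from burying the case that matters.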

*MSDT (Microsoft Support Diagnostic Tool) is an embedded tool used by Windows to report, diagnose, and troubleshoot operating system errors.
