Audax Cybersecurity is warning of China-backed hackers exploiting an unpatched, zero-day Microsoft Office vulnerability known as "Follina" to remotely execute malicious code on Windows systems.

The high-severity vulnerability was named Follina and is tracked as CVE-2022-30190 (CVSS score: 7.8). The bug has rocked the globe as it gained widespread attention last week.
Microsoft has specifically warned that the vulnerability could allow attackers to install programs, delete data, and create new accounts with user privileges.
However, the company has issued new guidance advising administrators that they can mitigate attacks exploiting CVE-2022-30190 by disabling the MSDT URL protocol along with the preview pane in Windows Explorer.
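
The following PowerShell script is an added example, not part of the original advisory or of Microsoft's guidance text. It checks whether the `ms-msdt` URL protocol handler is still registered under `HKEY_CLASSES_ROOT\ms-msdt`, exports a backup, and then removes the key. The backup path is an assumed default, and the script does not change the Explorer preview pane setting.

```powershell
# Added example: audit and disable the ms-msdt URL protocol handler.
# Run from an elevated PowerShell prompt. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed backup location; change it to suit your environment.
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg"
)

$regKey  = 'HKEY_CLASSES_ROOT\ms-msdt'
$keyPath = "Registry::$regKey"

function Test-MsdtProtocolHandler {
    # True while the ms-msdt: URL scheme is still registered on this host.
    Test-Path -LiteralPath $keyPath
}

if (-not (Test-MsdtProtocolHandler)) {
    Write-Output 'ms-msdt protocol handler is not registered; nothing to do.'
    return
}

if ($PSCmdlet.ShouldProcess($regKey, 'Back up and delete')) {
    # Export first so the handler can be restored later with: reg import <file>
    & reg.exe export $regKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath)) {
        throw "Backup to $BackupPath failed; registry key left untouched."
    }

    & reg.exe delete $regKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw 'Delete failed; confirm the prompt is elevated.'
    }
}

# Verify the end state instead of trusting the exit codes alone.
if (Test-MsdtProtocolHandler) {
    Write-Warning 'ms-msdt protocol handler is still present.'
} else {
    Write-Output "ms-msdt protocol handler removed. Backup: $BackupPath"
}
```

Keep the exported `.reg` file so the handler can be restored with `reg import` once the vendor patch is installed.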

We recommend the following:

  • Review the Microsoft guidelines and implement the necessary solutions
  • Install the latest version of Microsoft Office
  • Beware of files downloaded from the internet
  • Always have anti-virus/anti-malware installed and updated
  • Contact us to carry out security checks on your information systems