Bitdefender Threat Debrief | June 2022

Highlight of the Month: CVE-2022-30190 Zero-Day Vulnerability “Follina”

Bitdefender has been keeping a close eye on recent vulnerabilities disclosed in the last week of May 2022 involving CVE-2022-30190, which threatens remote code execution (RCE) via the Microsoft Support Diagnostic Tool (MSDT).

The danger of this RCE exploit, widely known as “Follina”, is that it leaves open the possibility for an attacker to run code with system privileges, often through the abuse of legitimate, benign Windows applications. Its CVSS (Common Vulnerability Scoring System) rating is “Critical” because these system tools exist on all versions of Windows, execution can bypass certain safeguards, and exploits are publicly available.

Microsoft and CISA (Cybersecurity and Infrastructure Security Agency) have released advisories on mitigation and workarounds. Bitdefender MDR continues to conduct threat hunts across the customer base in the days following the vulnerability disclosure.

Managed Detection & Response (MDR) Insights

Researchers spotted limited use of the “Follina” exploit in south Asia during March 2022, with initial attribution to a Chinese-nexus threat actor; however, the vulnerability has been known since 2021, after several researchers made responsible disclosures.
