Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day

The Follina vulnerability was originally discovered after a malicious Microsoft Word document was uploaded to VirusTotal from a Belarus IP address.

On Thursday, May 30th, warned against the probability of a dangerous Microsoft zero-day flaw dubbed Follina being exploited in the wild. According to the latest reports, Chinese hackers have already started using it.

What is Follina?

Follina is a Microsoft Office flaw tracked as CVE-2022-30190. This vulnerability was discovered in May 2022 by researcher Kevin Beaumont in the Microsoft Support Diagnostic Tool (MSDT).

According to the researcher, the exploit is activated when the victim opens a malicious document. The Protected View feature, as we know it, is designed to protect users from opening infected files. But, in the case of Follina, the file preview appears in Explorer, and Protected View is not triggered while the exploit is executed.

Threat actors can exploit this vulnerability to escalate privileges and gain “god mode” access to the impacted system. Office Pro Plus, Office 2013, Office 2016, Office 2019, and Office 2021 were impacted by the flaw.
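A defender-side check for the behaviour described above, as an added example that is not part of the original article: it flags process-creation records in which an Office application starts msdt.exe, the MSDT executable. The record field names, the list of Office parent processes and the sample records are constructed assumptions, not taken from any specific logging product.

```python
import ntpath

# Assumption: Office executables that should not normally launch MSDT.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"


def exe_name(path):
    """Lower-cased file name of a Windows path; tolerates quotes and missing values."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def find_office_msdt_launches(events):
    """Return the events where msdt.exe was started by an Office application.

    Each event is a dict with hypothetical keys 'host', 'image' (the new
    process) and 'parent_image' (the process that created it).
    """
    hits = []
    for ev in events:
        if exe_name(ev.get("image")) != MSDT_IMAGE:
            continue  # not an MSDT launch
        if exe_name(ev.get("parent_image")) in OFFICE_PARENTS:
            hits.append(ev)
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    # A user opening a troubleshooter from the desktop shell: not flagged.
    {"host": "ws-02", "image": r"C:\Windows\System32\msdt.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    # Office starting an unrelated helper process: not flagged.
    {"host": "ws-03", "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    # Mixed case and a quoted parent path must still match.
    {"host": "ws-04", "image": r"C:\WINDOWS\SYSTEM32\MSDT.EXE",
     "parent_image": r'"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"'},
    # Record with no parent information: cannot be attributed, not flagged.
    {"host": "ws-05", "image": r"C:\Windows\System32\msdt.exe"},
]

if __name__ == "__main__":
    for hit in find_office_msdt_launches(SAMPLE_EVENTS):
        print(f"ALERT {hit['host']}: {exe_name(hit['parent_image'])} started msdt.exe")
```
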

Chinese APT Group Exploiting Follina

It seems this newly identified zero-day has already attracted its first exploiters. It is
