Cyber threat advisory affecting Microsoft Office suite – Follina / CVE-2022-30190
Today we have received word of a “zero day” vulnerability – that is, it is brand new with no published fix – that has been identified within the Microsoft 365 Office suite and allows hackers to inject malware, ransomware, and other nasties into your system without your knowledge. The vulnerability has been dubbed “Follina” and exploits a little-known feature within Office. It allows an attacker to develop a malicious Word document (.docx) file which, when opened, can download and execute a malicious file to infect the system. Additionally, there are reports of the exploit triggering when the file is previewed within File Explorer (not even opened!).
The primary method of attack is via phishing emails, which are typically malicious emails masquerading as legitimate emails from a trusted sender. These can usually be caught by reviewing the From address header and looking for any suspicious wording. The malicious document is attached to the email or made available via a link, and once it is downloaded and opened or previewed, the exploit may trigger.
What we have done
We have reviewed the vulnerability and known intelligence, and determined that whilst the impact is potentially high, the likelihood of a successful attack is relatively low. This is due to a high level of anti-phishing measures and cyber awareness amongst our clients (for those who have taken it up), which reduces the likelihood of such attachments being downloaded. Additionally, the Sophos Endpoint Protection and Sophos Email Gateway products already have countermeasures, allowing the malicious email to be flagged and isolated before reaching a company email address. However, erring on the side of caution, we will continue to monitor in the coming days and determine if any further preventative measures are required.
What we are concerned about
As this is a zero-day threat, it may evolve in a short time, and overall protection is not wholly satisfactory. Many antivirus vendors (including Microsoft, as of the time of writing) are yet to detect the threat. Clients who do not utilize advanced email filtering solutions will be more likely to receive this type of attack. Because no official fix is available yet, they will remain vulnerable until Microsoft releases a patch.
What you need to do
- Raise awareness – share this email with the team in your office and with colleagues.
- Stay vigilant and aware of phishing emails and their tactics.
- Feel free to report any emails that you suspect to be malicious to us at firstname.lastname@example.org or give us a call on 1300 228 480.
- Consider enrolling any ‘click happy’ staff – you know, people like Bob in Sales who just click on everything – in our cyber awareness training, as we build your team up into HUMAN FIREWALLS to combat this exact type of attack: https://www.aitsys.com.au/cyber-security/awareness-and-training/
- More reading available here: https://nakedsecurity.sophos.com/2022/05/31/mysterious-follina-zero-day-hole-in-office-what-to-do/
P.S. Follina is a beautiful village about 60 km northwest of Venice, Italy. Whilst it is a lovely place to visit and enjoy some Prosecco, this cyber vulnerability that shares its name is certainly not beautiful, nor light and bubbly.