Critical security notification: Follina/Microsoft Support Diagnostic Tool vulnerability puts Microsoft Office users at risk
Chris Jeffery
Chief Guru at CyberGuru | Business & ICT professional | 2023 CompTIA ANZ Future Leader Spotlight Award Winner | ACS Qld Young ICT Pro 2012 | AQ Community Digital Champ Alumnus
A new vulnerability in the Microsoft Support Diagnostic Tool in Windows has been identified. Known as CVE-2022-30190 or the Follina bug, it allows hackers to bypass the security measures in place to protect users from phishing emails.
Phishing emails are designed to trick the user into clicking on a malicious link. When Microsoft suspects a phishing email, it activates features designed to minimise this risk. The Follina bug allows cybercriminals to circumvent Microsoft’s Protected View features as well as anti-malware detection, thereby exposing users to potential harm.
When a user clicks on this link, it may allow a cybercriminal to take control of the computer.
Microsoft has supplied a workaround that mitigates this threat by disabling access to the Microsoft Support Diagnostic Tool through these links.
Whilst no patch is currently available, we strongly recommend that the workaround is applied to all computers affected as soon as possible.
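One way to check for and apply the workaround on a single machine is shown below. It is an example added here, not taken from the article or from CyberGuru's tooling. It assumes the workaround is the one in Microsoft's published guidance for CVE-2022-30190 (removing the `ms-msdt` URL protocol handler under `HKEY_CLASSES_ROOT`); the `-Apply` switch and the backup directory are hypothetical names chosen for the example.

```powershell
# Added example (not from the original article).
# Reports whether the ms-msdt URL protocol handler is registered and, with -Apply,
# backs it up and removes it. Run from an elevated PowerShell session.
param(
    [switch]$Apply,
    # Assumed backup location; change to suit your environment.
    [string]$BackupDir = (Join-Path $env:ProgramData 'msdt-workaround')
)

$ErrorActionPreference = 'Stop'
$regKey = 'HKEY_CLASSES_ROOT\ms-msdt'
$psPath = "Registry::$regKey"

# No key means links can no longer launch MSDT: nothing to do.
if (-not (Test-Path -LiteralPath $psPath)) {
    Write-Output "ms-msdt handler is not registered on $($env:COMPUTERNAME); workaround already in place."
    return
}

Write-Output "ms-msdt handler is registered on $($env:COMPUTERNAME); MSDT can be launched from links."
if (-not $Apply) {
    Write-Output 'Re-run with -Apply to back up and remove the handler.'
    return
}

# Back up first so the handler can be restored later with "reg import <file>".
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('ms-msdt-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Backup of $regKey failed; handler left in place."
}

& reg.exe delete $regKey /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not delete $regKey (is the session elevated?)."
}

# Verify the result rather than trusting the exit code alone.
if (Test-Path -LiteralPath $psPath) {
    throw "$regKey is still present after delete."
}
Write-Output "Handler removed. Backup saved to $backup"
```

Running it without `-Apply` only reports the current state, which makes it usable as an audit check before and after a fleet-wide rollout.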
We are actively working with our clients to minimise the impact of this threat. As part of this, we have applied the workaround to our managed services clients as part of our remote monitoring and management service.
If you are not a managed services (subscription) client, we are happy to assist and support your organisation and take action on your devices to protect against this bug.
Please contact us if you require any assistance.
2 years ago
It stinks. How do we stop these scumbags? We should be putting their intelligence to good use instead of placing everyone in fear, especially the elderly!!