Due to a recent Follina cybersecurity threat targeting systems operating on Microsoft Windows, FTC is advising all of its customers using Windows to install the most recent updates as soon as possible. The latest updates can be found at windowsupdate.microsoft.com, or installed by following these steps:
- In Windows 11, select Start > Settings > Windows Update
- In Windows 10, select Start > Settings > Update & Security > Windows Update
The Follina Threat
In mid-June, Microsoft confirmed that Microsoft Office had been impacted by a “zero-day vulnerability” — meaning that a patch had not been created yet to address the software weakness. Reports at the time indicated that the vulnerability, known as “Follina” and tracked as CVE-2022-30190, was a high-severity one that state-backed hackers had been actively exploiting. Follina employed a zero-click remote code execution technique used through the Microsoft Diagnostics Tool (MSDT) and Microsoft Office utilities, namely Microsoft Word.
How Does Follina Work?
The Microsoft Security Response Center described the Follina threat, explaining that, “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.” “The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”
Does Follina Affect Office 365?
Some versions of Office 365 included with a Microsoft 365 license are affected. No matter your version of Office or Microsoft, it’s recommended to apply the most current updates from Microsoft.
Is Follina Patched?
Microsoft issued Windows updates, including a patch for Follina, on June 14, 2022, to address the issue and recommends that all users install the updates as soon as possible.
Actions to ensure the protection of customers’ businesses
Here at FTC, we are regularly in active communication with all of our technology partners to exchange intelligence on any cyberthreats that might impact our customers’ operations. Beyond installing the above-mentioned Windows updates, end users are cautioned to be vigilant when opening attachments from unknown sources. In the case of Follina, Word documents and Excel spreadsheets are particularly vulnerable to the threat.
Moving forward, customers might want to consider subscribing to ThreatLocker as preemptive security against zero-day exploits without patches. FTC IT Solutions is using the ancillary product in its security stack to block all Office applications from creating child processes, which should minimize the risk of vulnerability.
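For teams that also want visibility into the behavior this control blocks, the following added example (not FTC's or ThreatLocker's code) triages process-creation events for Office applications that start child processes, rating `msdt.exe` as high severity. It assumes events are exported with the `ParentImage`, `Image` and `CommandLine` fields of Sysmon's process-creation event (Event ID 1); the process lists and sample events are constructed for illustration.

```python
import ntpath

# Assumed list of Office parent binaries to watch.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# msdt.exe is the diagnostic tool abused by Follina (CVE-2022-30190).
HIGH_RISK_CHILDREN = {"msdt.exe"}
# Assumed allowlist: splwow64.exe is a common, benign print helper.
ALLOWED_CHILDREN = {"splwow64.exe"}


def basename(path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return ntpath.basename(path.strip('"')).lower()


def classify(event):
    """Return 'high', 'review' or None for one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child in ALLOWED_CHILDREN:
        return None
    return "high" if child in HIGH_RISK_CHILDREN else "review"


def triage(events):
    """List (severity, parent, child) for every event that needs attention."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, basename(ev["ParentImage"]), basename(ev["Image"])))
    return hits


# Constructed sample events; command lines are placeholders.
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SAMPLE_EVENTS = [
    {"ParentImage": OFFICE + "WINWORD.EXE",
     "Image": r"C:\Windows\System32\msdt.exe", "CommandLine": "msdt.exe <elided>"},
    {"ParentImage": OFFICE + "EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe <elided>"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\msdt.exe", "CommandLine": "msdt.exe <elided>"},
    {"ParentImage": OFFICE + "OUTLOOK.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe <elided>"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit)
```

The `msdt.exe` launch from `explorer.exe` is ignored because only Office parents are in scope, and the allowlist needs tuning against each environment's normal Office behavior.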
FTC’s robust cybersecurity solutions
At FTC, we have a highly effective cybersecurity portfolio and have positioned our customers to be able to defend themselves in the best way possible against the latest and most sophisticated attacks. Our approach includes industry-leading, next-generation antivirus protections via SentinelOne. Coupling that with Duo, our multi-factor authentication service, ThreatLocker, our application whitelisting and ringfencing solution, and sandboxing for your data at the edge creates a multi-layered approach that delivers much-needed protections in today’s threat-filled cyber landscape. Lastly, businesses can fortify their first line of defense by training their employees with KnowBe4, the world’s largest integrated platform for security awareness and training combined with simulated phishing attacks.
If your business is not currently using all the layers of protection offered, do not hesitate to reach out to us to discuss how all of these cybersecurity layers work together and how we can easily add them to your defense.
Seeking professional-grade cybersecurity services like a managed firewall, advanced threat protection and hosted antivirus and spyware for your business? Visit ftc.net/business to explore all of FTC’s cybersecurity offerings as well as other business-critical services such as Internet, Wireless, Voice and Security. And when you need local, expert IT assistance for your business, help is nearby and easy to reach without the expense of a full-time IT staff. Visit FTC IT Solutions for professional IT help in a number of tech-related areas, including Managed IT, Cybersecurity, Hosted Services, Point-of-Sale and Hardware Sales.