LokiBot Malware Targets Windows Users in Office Document Attacks
Fortinet suggests attackers are leveraging vulnerabilities like CVE-2021-40444 and CVE-2022-30190
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Microsoft ยท Windows
Known ransomware use: Known
Follow the source advisory and validate exposure in your environment.
Apply updates per vendor instructions.
Recent reporting that mentions CVE-2022-30190.
Fortinet suggests attackers are leveraging vulnerabilities like CVE-2021-40444 and CVE-2022-30190
The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. [...]
Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]