• Link to Rss this site
  • Link to LinkedIn
  • Link to Youtube
  • Link to X
  • Link to Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SOLUTIONS
    • M365 Mail Security
    • Managed Certificates
    • 32Guards
    • AS4
  • RESOURCES
    • Documentation
    • Forum
    • Webcast Training
    • Training Courses
    • Support
    • Software Download
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
    • NFR Licenses
  • COMPANY
    • Contact
    • Testimonials
    • Team
    • Career
    • Events
    • Awards
  • PRICES
  • BLOG
    • Blog
    • Newsletter Subscription
  • FREE TRIAL VERSION
    • Price Request
    • Free Trial Version
  • English
    • Deutsch
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
  • Information

New zero-day vulnerability: How to protect yourself from Follina

A critical, unpatched vulnerability in Microsoft Office in combination with the Microsoft Diagnostics Tool (MSDT) is currently making headlines. Particularly threatening is the fact that the zero-day vulnerability can be exploited without opening the document. For an infection, it is sufficient to trigger a hover preview in a downloaded file. With the right configuration, NoSpamProxy customers are optimally protected.

31.05.2022|last modified:26.10.2022

What is Follina about?

Microsoft has confirmed what has become known as the Follina vulnerability, CVE-2022-30190, which allows remote code execution (RCE) “when MSDT is invoked using the URL protocol from an application such as Word.” In an analysis, security firm Huntress expects the vulnerability to be exploited on a larger scale in the coming days.

The vulnerability allows attackers to execute arbitrary code with the privileges of the calling application, Microsoft said. The perfidious thing about the vulnerability is that activating macros or opening the Office programme is not necessary to cause an infection: It is sufficient to trigger a hover preview in a downloaded file.

Far-reaching consequences of infection

If a computer is infected, the attacker can “install programmes, view, change or delete data, or create new accounts in the context allowed by the user’s privileges,” Microsoft explains. In addition, Microsoft points out that so-called chaining of vulnerabilities is also conceivable. In this case, a vulnerability such as Follina is used to infect the computer; further vulnerabilities are then used, for example, to extend the rights.

How can you protect yourself?

Microsoft advises disabling the MSDT URL protocol. To do this, the command prompt must be started as administrator and the registry key must be saved with two commands and then deleted. Microsoft also mentions the cloud protection of its Defender antivirus software.

Protection against Follina by NoSpamProxy

Content Disarm and Reconstruction (CDR) disarms Word and Excel files

NoSpamProxy customers benefit from the integrated PDF conversion, also called Content Disarm and Reconstruction (CDR), which converts Microsoft Word and Microsoft Excel documents as well as PDF documents into harmless PDF files, whereby any existing malicious code is removed. The PDF file can then be used without hesitation and the original file either left attached to the email or removed.

The content filter blocks other dangerous formats

As far as is currently known, all Office formats as well as RTF files are affected by the security vulnerability. This includes Word (e.g. DOC, DOCX, DOCM and DOTM) and Excel (e.g. XLS, XLSX, XLSM and XLTM) as well as common file formats such as PowerPoint (e.g. PPT, PPTX, POTX and PPTM).

We strongly recommend that you configure the content filter in NoSpamProxy in such a way

  • that attachments in the affected file formats are moved to the web portal and remain there until manual release or
  • that attachments in the affected file formats are removed or the entire email is rejected.

For attachments in RTF format, we strongly recommend removing the attachment or rejecting the email.

  • share 
  • share 
  • share 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

You need support?

You can find more information about NoSpamProxy in our documentation and forum.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events

NoSpamProxy Newsletter

Subscribe to Newsletter
RSS Feed Logo RSS Feed Logo Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Warum Sie ARC in NoSpamProxy jetzt aktivieren sollten Preview
    Why you should activate ARC in NoSpamProxy now11.07.2025 - 12:08
  • SVG files in email attachments: Danger by malicious code preview
    Attached SVG file: Danger from malicious code04.07.2025 - 10:00
  • NoSpamProxy Update
    NoSpamProxy Cloud June update: Rollout started30.06.2025 - 06:00
IMPRINT • EULA • Privacy Policy • • © 2025 Net at Work GmbH
  • Link to Rss this site
  • Link to LinkedIn
  • Link to Youtube
  • Link to X
  • Link to Instagram
Link to: beBPo: Using the public authority mailbox with NoSpamProxy Link to: beBPo: Using the public authority mailbox with NoSpamProxy beBPo: Using the public authority mailbox with NoSpamProxybeBPo Besonderes elektronisches Behördenpostfach Preview Link to: How NoSpamProxy classifies emails as spam: The Spam Confidence Level (SCL) explained Link to: How NoSpamProxy classifies emails as spam: The Spam Confidence Level (SCL) explained Spam Confidence Level PreviewHow NoSpamProxy classifies emails as spam: The Spam Confidence Level (SCL) ...
Scroll to top Scroll to top Scroll to top