• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Information

New zero-day vulnerability: How to protect yourself from Follina

A critical, unpatched vulnerability in Microsoft Office in combination with the Microsoft Diagnostics Tool (MSDT) is currently making headlines. Particularly threatening is the fact that the zero-day vulnerability can be exploited without opening the document. For an infection, it is sufficient to trigger a hover preview in a downloaded file. With the right configuration, NoSpamProxy customers are optimally protected.

31.05.2022|last modified:26.10.2022

What is Follina about?

Microsoft has confirmed what has become known as the Follina vulnerability, CVE-2022-30190, which allows remote code execution (RCE) “when MSDT is invoked using the URL protocol from an application such as Word.” In an analysis, security firm Huntress expects the vulnerability to be exploited on a larger scale in the coming days.

The vulnerability allows attackers to execute arbitrary code with the privileges of the calling application, Microsoft said. The perfidious thing about the vulnerability is that activating macros or opening the Office programme is not necessary to cause an infection: It is sufficient to trigger a hover preview in a downloaded file.

Far-reaching consequences of infection

If a computer is infected, the attacker can “install programmes, view, change or delete data, or create new accounts in the context allowed by the user’s privileges,” Microsoft explains. In addition, Microsoft points out that so-called chaining of vulnerabilities is also conceivable. In this case, a vulnerability such as Follina is used to infect the computer; further vulnerabilities are then used, for example, to extend the rights.

How can you protect yourself?

Microsoft advises disabling the MSDT URL protocol. To do this, the command prompt must be started as administrator and the registry key must be saved with two commands and then deleted. Microsoft also mentions the cloud protection of its Defender antivirus software.

Protection against Follina by NoSpamProxy

Content Disarm and Reconstruction (CDR) disarms Word and Excel files

NoSpamProxy customers benefit from the integrated PDF conversion, also called Content Disarm and Reconstruction (CDR), which converts Microsoft Word and Microsoft Excel documents as well as PDF documents into harmless PDF files, whereby any existing malicious code is removed. The PDF file can then be used without hesitation and the original file either left attached to the email or removed.

The content filter blocks other dangerous formats

As far as is currently known, all Office formats as well as RTF files are affected by the security vulnerability. This includes Word (e.g. DOC, DOCX, DOCM and DOTM) and Excel (e.g. XLS, XLSX, XLSM and XLTM) as well as common file formats such as PowerPoint (e.g. PPT, PPTX, POTX and PPTM).

We strongly recommend that you configure the content filter in NoSpamProxy in such a way

  • that attachments in the affected file formats are moved to the web portal and remain there until manual release or
  • that attachments in the affected file formats are removed or the entire email is rejected.

For attachments in RTF format, we strongly recommend removing the attachment or rejecting the email.

  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
beBPo: Using the public authority mailbox with NoSpamProxybeBPo Besonderes elektronisches Behördenpostfach PreviewHow NoSpamProxy classifies emails as spam: The Spam Confidence Level (SCL) ...
Scroll to top