Symantec: More malware operators moving in to exploit Follina While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it. Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. …
Once again, an attack that is based on the user opening an attachment from someone they don't know.
I've been getting a few mails this week with the subject "Re: your order is blocked", containing an attachment.
I haven't ordered anything. If you really think I'm stupid enough to open an attachment from an email I did not request concerning something I did not order, I just wish I had Thor's lightning at my disposal, because I would use it.
Liberally.
Proofpoint recently reported that in organizations they monitor, a majority of phishing messages that make it to end users were coming from compromised vendors and partners. So in many cases it will be people opening attachments from emails which came from the accounts of people they do know.
You could argue the real problem is MIME (I have never liked MIME), but realistically if we didn't have MIME we'd probably be doing something else equally dangerous.
The real real problem, of course, is MS Office.
Why is there some proprietary protocol back-channel talking to MS HQ - in a text processing program. Say WORD for DOS. Every MS protocol - say SMB or this back-channel is bad security, and obscure to deliberate privacy intrusion. Lets hope the EU investigates data leakage . If my document had 'Takeover Bid' some inside traders would be well placed. Lets investigate what leaked, and how much over time.
Seriously?
This is a Diagnostic / Debug API for desktop support. The API doesn't 'talk to MS' and it's a 'protocol' only in the loosest sense.
The problem is that it's a generic support API that allows use of generic OS functions to report generic applications, for use by generic support organizations.
Unfortunately, 'generic support organizations' includes criminals as well as your support desk, 'generic OS functions' include downloading and executing malware as well as debug and repair objects, and 'generic support API' supports Outlook, Office, Edge and any other private or open-source application that chooses to use the API.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
