Follina, the zero-day vulnerability that was discovered at the end of May 2022, has now been fixed in the June 2022 Tuesday Security Update. The vulnerability allowed remote code execution via the Windows Support Diagnostic Tool (MSDT). It took 14 days before the fix was released.
“An attacker, who successfully exploits this vulnerability, can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, and/or delete data, and/or create new accounts in the context allowed by the user’s rights.” - (Microsoft Security Response Center, May 30th 2022).
Microsoft did quickly release anti-virus signatures (1.367.851.0) for Defender to block the initial malware exploiting this vulnerability, which they classified as Trojan:Win32/Mesdetty.
However, the vulnerability still existed and it became a race against time to plug the gap. Microsoft advised users to disable the MSDT URL protocol, and thus stop Windows troubleshooters from being invoked from Microsoft Office documents.
A9X Cyber Security Software users are protected by multiple layers of defense, facilitated by its A9X Cyber Security Dashboard:
- A9X VoodooShield: Blocks any “unknown” (non-whitelisted) applications from running.
- A9X SafeWeb: Malicious URLs used to download (drop) new malware would be blocked.
- A9X Defender: Users receive updates immediately, unlike other maritime solutions that only update once a week.
- A9X Scripting: The MSDT URL protocol could be remotely disabled on all computers with a simple script.
- A9X Win Updates: Users receive Windows Security Update(s) quickly, safely and automatically.
- A9X USB Manager: Protects against cyber-attacks via USB devices.
- A9X Watchdog: Detects and reports suspicious user and network activity, attacks against on-board services, and system changes.
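The workaround Microsoft advised, and the "simple script" mentioned in the list above, amounts to backing up and then removing the registry key that registers the `ms-msdt:` URL scheme. The PowerShell below is an added example, not Microsoft's or A9X's own script; it assumes an elevated session, uses the key name `HKEY_CLASSES_ROOT\ms-msdt` from Microsoft's published workaround, and the backup directory is a hypothetical path.

```powershell
# Added example: disable the MSDT URL protocol handler on the local machine.
# Assumptions: elevated PowerShell session; $BackupDir is a hypothetical location.
#Requires -RunAsAdministrator
param(
    [string]$BackupDir = 'C:\ProgramData\msdt-workaround'   # hypothetical backup path
)

$KeyName = 'HKEY_CLASSES_ROOT\ms-msdt'     # key that registers the ms-msdt: URL scheme
$KeyPath = 'Registry::' + $KeyName

# Idempotent: a host where the handler is already gone reports and exits cleanly.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "ms-msdt handler not present on $env:COMPUTERNAME; nothing to do."
    return
}

# Export the key first so the handler can be restored after the security update is installed.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$BackupFile = Join-Path $BackupDir ("ms-msdt-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $KeyName $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
    throw "Backup of $KeyName failed; key left untouched."
}

# Remove the handler, then verify the removal instead of assuming it worked.
Remove-Item -LiteralPath $KeyPath -Recurse -Force
if (Test-Path -LiteralPath $KeyPath) {
    throw "$KeyName still present after removal attempt."
}

Write-Output "Removed $KeyName on $env:COMPUTERNAME; backup at $BackupFile"
Write-Output "Restore with: reg import `"$BackupFile`""
```

Once the June 2022 update is installed, the handler can be restored from the exported `.reg` file if the troubleshooter links are needed again.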