Follina MSDT Attack

What you need to know

This vulnerability is primarily triggered by opening malicious Microsoft Office documents and can give cybercriminals access to your network. Please note this does apply to documents opened in ‘Preview Mode’. Currently, documents from the internet are automatically opened in protected view, so as long as the end user does not allow editing, the attack will not automatically go off.

Cybercriminals may deceive victims into opening these documents via the following channels:

• Email attachments
• Social media links
• File downloads
• Other creative delivery methods

There has not yet been a patch released, however Microsoft has released a temporary fix to block the malware from running when a file is opened.

Huntress, a cybersecurity platform, has been monitoring the situation closely and testing the code to determine it’s risk, their statement reads:

Don’t panic over this. Yes, this vulnerability makes it easier for hackers to gain access to your network. However, malicious documents are a familiar attack strategy and vigilant users can turn the tide against these unpredictable threats

What we are doing

• We are working with our partners and vendors to ensure they are aware of the attack and able to block attacks effectively
• We have disabled the ability for Windows to call on the Microsoft Diagnostic tools with links crafted by bad actors. Don’t worry, the change was done behind the scenes, and we will revert this once Microsoft release their patches
• We caution users to be extra observant when opening up any attachments, particularly Microsoft Office documents.

If you have any concerns or questions about this vulnerability, please contact security@bcs365.co.uk. For updates on the situation, please follow us on social media and check back to this blog post.