We want to warn you about an active threat to your IT Systems.
On May 27 2022, a new zero day critical vulnerability called Follina was made public. The Follina security vulnerability resides in malicious word documents that abuse a small tool installed with Microsoft Office for Windows computers, the Microsoft Support Diagnostic Tool (ms-msdt). The aim of the malicious document is to execute commands on the affected computer with full administrative privileges.
How does the Follina security vulnerability work? When a user opens the document with Microsoft Word or opens the file in the File Explorer preview pane, the malicious document will execute commands on the victim’s machine. These documents are being sent by email to unsuspecting people. The damage a hacker can do by utilising this exploit is effectively unlimited.
Malicious hackers are actively exploiting this vulnerability and there is currently no patch from Microsoft (correct as of 3 June 2022).
Don’t panic. Read on…
There are 2 ways to protect your users and business against the Follina security vulnerability
- You can disable the ms-msdt registry setting. Microsoft has prepared some guidance for this workaround which you can view here. Alternatively, contact us and we help you deploy this workaround across your devices in a way that will suit your IT environment
- You can also train staff with some simple steps to reduce the risk of a malicious document being able to exploit the vulnerability. See below..
Good cyber practice tips for you and your staff
There are some good cyber hygiene practices you can remind your staff about. These reminders or training should be done regularly, regardless of an active threat situation or not.
- Do not open attachments you are not expecting, and have received from someone you do not know or trust
- Unless you are expecting the attachment, and know and trust the sender, do not click Enable Editing when opening an attachment
- Do not use the Preview Pane feature in File Explorer. This can automatically open untrusted or malicious documents. Turn it off in File Explorer by clicking View > Show > then untick Preview Pane
- If you do open a malicious attachment, or give away your credentials, report it immediately. Call your IT support help desk straight away, don’t email them, don’t leave it until later
How is PS Tech responding to this threat?
For our business ‘managed service’ customers, you are well protected against the Follina security vulnerability.
Firstly, we are deploying Microsoft's suggested temporary workaround to all of your active Windows computers. This disables the way the vulnerable Microsoft Support Diagnostic Tool is exploited. When a patch is released by Microsoft, we will roll back the workaround, reenabling the patched software.
Secondly, as a managed service customer, the Sophos Intercept-X Advanced endpoint security solution we use to protect your computers detects and blocks attacks using this vulnerability.
Not sure if you are one of our managed service customers? Look for a green heart icon in your taskbar (it may be in the Hidden icons area, click the Up arrow to the left:
If you don’t see the Green Heart, your device is not ‘managed’ by PS Tech. If you see an orange or red heart, please log a support ticket and one of our engineers can investigate.
If you are not a PS Tech Managed Service customer and you would like assistance deploying this workaround, please get in touch for some free help and advice.
What can you do to ensure the best protection for your staff and business?
Regardless of this active threat, there are some essential things you need to put into place:
- Implement and configure an advanced email filtering solution to further detect and block malicious emails and attachments, preventing the vast majority from reaching your staff's inboxes. Malicious emails (spam, phishing, spear-phishing etc.) are still the number one tool hackers use to break into your systems.
- Conduct regular phishing and security awareness training with your teams, and test that training works through simulated phishing attacks
- Ensure your endpoint protection is of the latest generation of products and is monitored and maintained. Plain old anti-virus doesn't cut it anymore
- Regularly patch your devices, the operating system and installed applications. This applies to Windows, macOS and mobile devices
- Make sure you have up to date backups of business data and critical systems, stored off-network, off-site
- Consider an accreditation such as Cyber Essentials to further bolster your Cyber Security posture
Our managed IT services remove the stress involved with keeping your IT systems and your staff cyber safe. We implement, operate and report on all of the above suggestions and more for you and your business.
Our outsourced IT service is suitable for all businesses, even if you have your own IT team.
You can read more about why partnering with a managed service provider is such a good idea here:
Get in touch today or book a free, no-commitment chat with one of our plain speaking experts using the buttons below.
We recommend you also follow @pstechmsp on social media to stay up to date with IT, communications and security news. Use the links below.