04.07.2022

Cyber Defense eMagazine July Edition for 2022

Cyber Defense eMagazine July Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


Microsoft Support Diagnostic Tool Vulnerability: What to Learn from It and How to Stay Safe

By Dirk Schrader, Resident CISO (EMEA) and VP of Security Research, Netwrix

A new vulnerability affecting the Microsoft Office ecosystem was recently discovered. Let's examine some details about it: how the Microsoft Support Diagnostic Tool (MSDT) and other built-in tools can be turned against organizations, and what IT teams can do to prevent something bad from happening.

What is going on?

The freshly discovered CVE-2022-30190 is a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) that is reachable from MS Office documents, and it gives attackers a new way of hijacking organizations' IT environments through endpoints. The exploit is likely to work on most Windows / MS Office installations that have not yet been patched.

The attacker crafts an MS Word document that does not carry the malicious code itself but points at an attacker-controlled server, sends it to someone's business email address and uses common social engineering techniques to lure the recipient into opening it.

Remember the Log4Shell vulnerability disclosed in December 2021, where the issue was an uncontrolled way of triggering a lookup from inside a logged string, combined with the ability to fetch external resources. This 0-day, initially named 'Follina', works in a similar way: one feature hands control to another, and the second one reaches out to the network.

Word has a feature called 'remote template', which is misused to fetch an HTML file from a remote location. Once received, this HTML file invokes the ms-msdt: URI protocol handler; MSDT passes the attacker-supplied parameters on without adequate sanitization, so the embedded payload is executed using a PowerShell script or other tools already available on the target.

Windows built-in security tools are likely not to catch this activity, and standard hardening benchmarks don't cover it either. Built-in defensive mechanisms like Defender did not block this attack at the time of disclosure, and common restrictions on the use of macros do not help at all, because no macro is involved.
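As an added example (not code from the article or from Netwrix), the following Python triage script shows what the two links of that chain look like on disk and how an analyst can check for them before a document is opened, which is exactly the gap the previous paragraph points at. It unpacks a .docx, lists every package relationship that points to an external http(s) URL (the attachedTemplate relationship is the one Follina abuses, but the scan covers all relationship parts), and checks a fetched HTML "template" for a hand-off to the ms-msdt: URI handler. The .docx packages and the HTML snippet are constructed inline so the script runs offline; the hostname template.example.invalid and the user path in the benign sample are placeholders, and no payload is included.

```python
# Triage helper for the Follina (CVE-2022-30190) delivery chain.
# Added example: not from the article or from Netwrix. All inputs below
# are constructed for the example; no exploit payload is included.
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
WML_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
OFFICE_REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def find_external_relationships(docx_bytes):
    """Return (rels_part, rel_type, target) for every relationship in the OOXML
    package whose TargetMode is External and whose target is an http(s) URL.
    Local templates (file:// or relative paths) are normal and are not reported."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                if urlparse(target).scheme.lower() in ("http", "https"):
                    hits.append((name, rel.get("Type", ""), target))
    return hits


def find_remote_templates(docx_bytes):
    """Narrow the scan to the attachedTemplate relationship Follina abuses."""
    return [
        target
        for _, rel_type, target in find_external_relationships(docx_bytes)
        if rel_type == ATTACHED_TEMPLATE
    ]


MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def html_invokes_msdt(html_text):
    """True if a fetched 'template' tries to hand control to the ms-msdt: handler.
    A legitimate Word template has no reason to reference that scheme at all."""
    return MSDT_URI.search(html_text) is not None


def build_sample_docx(template_target, target_mode="External"):
    """Constructed minimal .docx whose settings part attaches a template.
    Only the parts needed to reproduce the relationship are included."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
        "</Types>"
    )
    document = f'<w:document xmlns:w="{WML_NS}"><w:body><w:p/></w:body></w:document>'
    settings = (
        f'<w:settings xmlns:w="{WML_NS}" xmlns:r="{OFFICE_REL_NS}">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    settings_rels = (
        f'<Relationships xmlns="{PKG_REL_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}" TargetMode="{target_mode}"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/settings.xml", settings)
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


# Constructed inputs: a document pulling its template from a placeholder host,
# and a normal one whose template is the local Normal.dotm.
SUSPICIOUS_DOCX = build_sample_docx("http://template.example.invalid/template.html")
BENIGN_DOCX = build_sample_docx(
    "file:///C:/Users/alice/AppData/Roaming/Microsoft/Templates/Normal.dotm"
)
# Constructed stand-in for what the remote server returns; the argument is a placeholder.
SUSPICIOUS_HTML = '<script>window.location.href = "ms-msdt:/id PCWDiagnostic /param CONSTRUCTED";</script>'

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_DOCX), ("benign", BENIGN_DOCX)):
        print(label, "remote templates:", find_remote_templates(blob))
    print("html hands off to ms-msdt:", html_invokes_msdt(SUSPICIOUS_HTML))
```

Run against a real attachment, the first function is the one to wire into mail gateway or sandbox triage: an Office document whose template lives on an http(s) host is rare enough in most organizations to be worth a human look, and it is visible without opening the file in Word. The second check only applies once the remote resource has been retrieved in a controlled way.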

Cyber Defense eMagazine – July 2022 Edition 102

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
