May 31, 2022
SentinelOne VS CVE-2022-30190 (Follina)
SentinelOne customers are protected from CVE-2022-30190 (Follina).
- On May 27th 2022, @nao_sec identified a malicious Microsoft Word document using a "ms-msdt" protocol scheme for arbitrary code execution.
- Over the weekend, as the industry continued to identify novel ways to abuse this behavior, Microsoft assigned it CVE-2022-30190.
- Similar to what we observed with Log4j, the methods of execution and outcomes of this vulnerability continue to expand as it gains more researcher and attacker attention.
- Specific attackers have been observed exploiting the vulnerability. Chinese APTs may have made use of it around May 20th, 2022, but the earliest samples identified date from as early as mid-April 2022.
- Defenders should consider it a critical vulnerability and seek mitigation steps immediately. Additional effort should then be made to hunt for execution prior to public knowledge as attackers could have already abused it.
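The lure described above chains two observable artifacts: a Word document whose OLE object relationship points at an external URL, and HTML served from that URL that invokes the ms-msdt: protocol handler. The following triage script is an added example written for this page, not SentinelOne's or Microsoft's code; it builds a constructed minimal .docx in memory (no real lure) and a constructed HTML snippet with the payload parameters redacted, then runs both heuristics so a hunter can apply them to a mailbox or file-share sweep.

```python
"""Triage heuristics for Follina-style (CVE-2022-30190) lures.

Added example, not the page's own code. Two checks:
  1. an OLE-object relationship in the .docx with TargetMode="External"
     whose Target is an http(s) URL;
  2. HTML content that references the ms-msdt: URL scheme.
All sample inputs below are constructed for this example.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
MSDT_RE = re.compile(r"ms-msdt:", re.IGNORECASE)


def external_ole_targets(docx_bytes: bytes) -> List[str]:
    """Return every external OLE-object Target found in any .rels part."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if (rel.get("Type") == OLE_REL_TYPE
                        and rel.get("TargetMode", "").lower() == "external"):
                    hits.append(rel.get("Target", ""))
    return hits


def docx_is_suspicious(docx_bytes: bytes) -> bool:
    """A benign embedded OLE object is a package-relative path; a remote
    http(s) OLE target is the hallmark of the Follina delivery document."""
    return any(t.lower().startswith(("http://", "https://"))
               for t in external_ole_targets(docx_bytes))


def html_invokes_msdt(html: str) -> bool:
    """True when the fetched HTML references the ms-msdt: protocol handler."""
    return bool(MSDT_RE.search(html))


def build_sample_docx(ole_target: str, external: bool) -> bytes:
    """Constructed minimal .docx for testing; not a real document."""
    mode = ' TargetMode="External"' if external else ""
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="%s">'
            '<Relationship Id="rId1" Type="%s" Target="%s"%s/>'
            '</Relationships>' % (REL_NS, OLE_REL_TYPE, ole_target, mode))
    document = ('<w:document xmlns:w="http://schemas.openxmlformats.org/'
                'wordprocessingml/2006/main"><w:body/></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed stand-in for the second-stage HTML; parameters redacted.
SAMPLE_HTML = ('<html><body><script>'
               'window.location.href = "ms-msdt:/id PCWDiagnostic '
               '/skip force /param REDACTED";'
               '</script></body></html>')

# Hypothetical URLs under a reserved TLD; no real infrastructure.
LURE_DOCX = build_sample_docx("http://example.invalid/stage2.html", True)
BENIGN_DOCX = build_sample_docx("embeddings/oleObject1.bin", False)

if __name__ == "__main__":
    print("lure external OLE targets:", external_ole_targets(LURE_DOCX))
    print("lure suspicious:", docx_is_suspicious(LURE_DOCX))
    print("benign suspicious:", docx_is_suspicious(BENIGN_DOCX))
    print("html invokes msdt:", html_invokes_msdt(SAMPLE_HTML))
```

Run the script as-is to see the two constructed samples classified, or point `external_ole_targets` at real files pulled from mail quarantine. The second check is the one to keep after the first is blocked: Microsoft's workaround at the time was to disable the MSDT URL protocol handler (export and then delete the `HKEY_CLASSES_ROOT\ms-msdt` registry key), which neutralizes the ms-msdt: invocation regardless of how the HTML reaches the host.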