May 31, 2022
SentinelOne VS CVE-2022-30190 (Follina)
SentinelOne customers are protected from CVE-2022-30190 (Follina).
- On May 27th, 2022, @nao_sec identified a malicious Microsoft Word document using an "ms-msdt" protocol scheme for arbitrary code execution.
- As the industry continued to identify novel ways to abuse this ability over the weekend, Microsoft assigned it CVE-2022-30190.
- Similar to what we observed with Log4j, the methods of execution and outcomes of this vulnerability continue to expand as it gains more researcher and attacker attention.
- Specific attackers have been observed exploiting the vulnerability. Chinese APTs have potentially made use of it around May 20th, 2022, but the first samples were identified as early as mid-April 2022.
- Defenders should consider it a critical vulnerability and seek mitigation steps immediately. Additional effort should then be made to hunt for execution prior to public knowledge as attackers could have already abused it.
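
As an added example (not SentinelOne's detection logic and not code from this page), the hunt described in the last point can be run over process-creation telemetry: flag `msdt.exe` launches that carry the `ms-msdt` scheme or have an Office parent, and mark those that predate the May 27th, 2022 identification. The event field names, the Office parent list and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Public identification date given on this page (May 27th, 2022).
DISCLOSURE = datetime(2022, 5, 27, tzinfo=timezone.utc)
# Assumption: Office applications treated as suspicious parents of msdt.exe.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2022-04-14T09:12:00+00:00", "host": "ws-014",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": "msdt.exe ms-msdt:/id <constructed-arguments>"},
    {"ts": "2022-05-02T14:03:00+00:00", "host": "ws-090",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": "msdt.exe /id <constructed-troubleshooter>"},
    {"ts": "2022-05-21T08:40:00+00:00", "host": "ws-102",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe 8192"},
    {"ts": "2022-05-30T11:27:00+00:00", "host": "ws-221",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": "msdt.exe ms-msdt:/id <constructed-arguments>"},
]

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def hunt(events):
    """Return suspicious msdt.exe launches, oldest first."""
    hits = []
    for ev in events:
        if basename(ev["image"]) != "msdt.exe":
            continue
        reasons = []
        if "ms-msdt:" in ev["cmdline"].lower():
            reasons.append("ms-msdt scheme in command line")
        if basename(ev["parent"]) in OFFICE_PARENTS:
            reasons.append("Office parent process")
        if reasons:
            ts = datetime.fromisoformat(ev["ts"])
            hits.append({"host": ev["host"], "ts": ts, "reasons": reasons,
                         "pre_disclosure": ts < DISCLOSURE})
    return sorted(hits, key=lambda h: h["ts"])
```

Hits with `pre_disclosure` set are the ones to triage first, since they fall in the window before public knowledge that the last point asks defenders to review.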