Victims are deceived by familiar email phishing strategies, which include being sent intriguing and seemingly urgent email attachments, social media links and file downloads.
But unlike most malware, Follina operates even when macros are disabled, or when you just view the malicious file in Windows Explorer.
Follina features remote code execution, which could potentially allow threat actors to gain 'God Mode' access to the affected network.
This means they would be able to install programs, view, change or delete data and create new accounts within the context of the user's rights.
While this vulnerability is highly concerning, this is not a situation we are entirely unprepared for.
Using malicious documents is a well-established attack strategy by hackers, and email phishing is one of the most common and dangerous scams. This means that users already have access to a wealth of advice on how to stay protected.
Microsoft has also issued their own advice on how to respond to Follina:
- To educate callers about the risk, add a quick message about the vulnerability to your hold music.
- To inform customers and clients, add a quick, non-technical blurb to your social media accounts. This blurb should emphasise the need for extra vigilance when receiving email links and documents.
- Caution your users to be extra observant when opening up any attachments, particularly Microsoft Office documents.
- Reach out to your Antivirus vendor with any questions and concerns, and to ensure you are running updated software.
- Apply critical security updates to your system in a timely manner.
- Double check when emails seem suspicious. Received an unexpected file from an unlikely sender? Trust your intuition and follow up with them, in person where possible.
- As soon as a security patch is available, get it sorted and update your endpoints.
More than anything, Microsoft Office users need to remain vigilant as the current situation with Follina continues to evolve.