
SentinelOne VS CVE-2022-30190 (Follina)

SentinelOne customers are protected from CVE-2022-30190 (Follina).

– On May 27th 2022, @nao_sec identified a malicious Microsoft Word document using a “ms-msdt” protocol scheme for arbitrary code execution.
– As the industry continued to identify novel ways to abuse this ability over the weekend, Microsoft assigned it CVE-2022-30190.
– Similar to what we observed with Log4j, the methods of execution and outcomes of this vulnerability continue to expand as it gains more researcher and attacker attention.
– Specific attackers have been observed exploiting the vulnerability. Chinese APTs may have made use of it around May 20th, 2022, but the first samples were identified as early as mid-April 2022.
– Defenders should consider it a critical vulnerability and seek mitigation steps immediately. Additional effort should then be made to hunt for execution prior to public knowledge, as attackers could have already abused it.
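
One way to run the retrospective hunt described in the last point, as an added example that is not SentinelOne's detection logic: it scans process-creation events for the "ms-msdt" scheme and marks hits that predate the May 27th 2022 public identification. The event field names (`ts`, `host`, `parent`, `cmdline`) and the sample events are constructed for illustration, and timestamps are assumed to be UTC.

```python
import json
from datetime import datetime, timezone

# Public identification date stated on the page (May 27th 2022), taken as UTC.
DISCLOSURE = datetime(2022, 5, 27, tzinfo=timezone.utc)
SCHEME = "ms-msdt:"  # protocol scheme named on the page

# Constructed process-creation events, one JSON object per line.
# Field names (ts, host, parent, cmdline) are assumptions, not a product schema.
SAMPLE_EVENTS = r"""
{"ts": "2022-04-14T09:12:03Z", "host": "ws-017", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmdline": "msdt.exe MS-MSDT:/id <arguments elided>"}
{"ts": "2022-05-30T16:40:55Z", "host": "ws-101", "parent": "C:\\Windows\\explorer.exe", "cmdline": "\"C:\\Windows\\system32\\msdt.exe\" ms-msdt:/id <arguments elided>"}
{"ts": "2022-05-02T11:00:00Z", "host": "ws-044", "parent": "C:\\Windows\\explorer.exe", "cmdline": "msdt.exe /id PrinterDiagnostic"}
this line is truncated log debris and must not stop the hunt
"""

def parse_events(text):
    """Parse JSON lines, skipping blank or malformed records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and {"ts", "cmdline"} <= event.keys():
            events.append(event)
    return events

def hunt(events):
    """Return events whose command line carries the ms-msdt: scheme, oldest first."""
    findings = []
    for event in events:
        if SCHEME not in event["cmdline"].lower():  # scheme match is case-insensitive
            continue
        when = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        findings.append({
            "ts": when,
            "host": event.get("host", "unknown"),
            "parent": event.get("parent", "unknown").rsplit("\\", 1)[-1].lower(),
            # Activity before public knowledge is the case the page says to hunt for.
            "pre_disclosure": when < DISCLOSURE,
        })
    return sorted(findings, key=lambda f: f["ts"])

if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_EVENTS)):
        tag = "PRE-DISCLOSURE" if f["pre_disclosure"] else "post-disclosure"
        print(f"{f['ts'].isoformat()} {f['host']} parent={f['parent']} [{tag}]")
```
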
