
SentinelOne VS CVE-2022-30190 (Follina)

SentinelOne customers are protected from CVE-2022-30190 (Follina).

– On May 27th 2022, @nao_sec identified a malicious Microsoft Word document using the ms-msdt protocol scheme to achieve arbitrary code execution.
– As the industry continued to identify novel ways to abuse this capability over the weekend, Microsoft assigned it CVE-2022-30190.
– Similar to what we observed with Log4j, the methods of execution and outcomes of this vulnerability continue to expand as it gains more researcher and attacker attention.
– Specific attackers have been observed exploiting the vulnerability. Chinese APTs potentially made use of it around May 20th, 2022, but the first samples were identified as early as mid-April 2022.
– Defenders should treat it as a critical vulnerability and apply mitigation steps immediately. Additional effort should then be made to hunt for execution that predates public knowledge of the flaw, as attackers could have already abused it.

