
China-linked hackers are exploiting a new vulnerability in Microsoft Office



The vulnerability, dubbed ‘Follina,’ began to be widely reported just days ago

By Corin Faife (@corintxt), Jun 1, 2022, 1:52pm EDT

A newly discovered vulnerability in Microsoft Office is already being exploited by hackers linked to the Chinese government, according to threat analysis research from security firm Proofpoint.

Details shared by Proofpoint on Twitter suggest that a hacking group labeled TA413 was using the vulnerability (named “Follina” by researchers) in malicious Word documents purported to be sent from the Central Tibetan Administration, the Tibetan government in exile based in Dharamsala, India. The TA413 group is an APT, or “advanced persistent threat,” actor believed to be linked to the Chinese government and has previously been observed targeting the Tibetan exile community.

In general, Chinese hackers have a history of using software security flaws to target Tibetans. A report published by Citizen Lab in 2019 documented extensive targeting of Tibetan political figures with spyware, including through Android browser exploits and malicious links sent through WhatsApp. Browser extensions have also been weaponized for the purpose, with previous analysis from Proofpoint uncovering the use of a malicious Firefox add-on to spy on Tibetan activists.

The Microsoft Word vulnerability first began to receive widespread attention on May 27th, when a security research group known as Nao Sec took to Twitter to discuss a sample submitted to the online malware scanning service VirusTotal. Nao Sec’s tweet flagged the malicious code as being delivered through Microsoft Word documents, which were ultimately used to execute commands through PowerShell, a powerful system administration tool for Windows.

In a blog post published on May 29th, researcher Kevin Beaumont shared further details of the vulnerability. Per Beaumont’s analysis, the vulnerability let a maliciously crafted Word document load HTML files from a remote webserver and then execute PowerShell commands by hijacking the Microsoft Support Diagnostic Tool (MSDT), a program that usually collects information about crashes and other problems with Microsoft applications.
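A defender-side check for the behaviour Beaumont describes, added here as an example (not code from the article, Proofpoint or Microsoft): it lists the remote resources a .docx declares in its relationship parts, skipping ordinary hyperlinks. The sample document, its URLs and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MAX_PART = 1_000_000  # refuse oversized .rels parts (zip-bomb guard)

def external_targets(docx_bytes):
    """List (part, relationship kind, target) for external, non-hyperlink relationships."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized-part", ""))
                continue
            data = zf.read(info)
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                # DTDs have no place in OOXML parts; flag instead of parsing them.
                findings.append((info.filename, "unexpected-dtd", ""))
                continue
            for rel in ET.fromstring(data).iter("{%s}Relationship" % PKG):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel.get("TargetMode") == "External" and kind != "hyperlink":
                    # Hyperlinks are followed only on click; other external
                    # targets can be fetched when the document is opened.
                    findings.append((info.filename, kind, rel.get("Target", "")))
    return findings

def build_sample():
    """Constructed sample: one clickable link, one remote template reference."""
    rels = (
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="%s/hyperlink" TargetMode="External"'
        ' Target="https://www.example.invalid/about"/>'
        '<Relationship Id="rId2" Type="%s/attachedTemplate" TargetMode="External"'
        ' Target="https://files.example.invalid/t.dotm"/>'
        '<Relationship Id="rId3" Type="%s/styles" Target="styles.xml"/>'
        "</Relationships>" % (PKG, DOC, DOC, DOC)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(external_targets(build_sample()))
```

A finding is a triage signal rather than a verdict, since remote templates and linked images also have legitimate uses.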

Microsoft has now acknowledged the vulnerability, officially titled CVE-2022-30190, although there are reports that earlier attempts to notify Microsoft of the same bug were dismissed.

According to Microsoft’s own security response blog, an attacker able to exploit the vulnerability could install programs, access, modify, or delete data, and even create new user accounts on a compromised system. So far, Microsoft has not issued an official patch but offered mitigation measures for the vulnerability that involve manually disabling the URL loading feature of the MSDT tool.

Due to the widespread use of Microsoft Office and related products, the potential attack surface for the vulnerability is large. Current analysis suggests that Follina affects Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365; and, as of Tuesday, the US Cybersecurity and Infrastructure Security Agency was urging system administrators to implement Microsoft’s guidance for mitigating exploitation.


Godfred Meba
