Follina is a recently-discovered vulnerability in Windows. Besides Follina, several other names are used to refer to this vulnerability. Colloquially, it is known as the MSDT exploit. Microsoft itself calls it CVE-2022-30190, while the antiviruses will sometimes call it Mesdetty. It affects Windows 7, 8, 10, and 11.
The vulnerability is located within Microsoft Support Diagnostic Tool, an application bundled with Windows to collect data for Microsoft Support. Using a specifically designed text document (specifically, those with .docx and .rtf extensions), or a shortcut, MSDT can be made to run arbitrary code. What this means is that if you receive a corrupted file like this in, say, e-mail, and then open it – the hacker will have full control of your computer. They could use this control to steal sensitive data such as passwords, to install malicious software, or to do anything else the hacker could imagine.
If you think this is bad – it gets worse. Corrupted .docx files still need to be opened for the hacker to gain control. Corrupted .rtf files do not. All the victim has to do is to select the file – to click on it once, in other words – and that’s it, they’re hacked.
Sounds very dangerous, doesn’t it? The worst part is, because it is so new (it’s been discovered just a few days ago), antiviruses might not be able to detect the corrupted files. Luckily, it is very easy to fix the Follina vulnerability yourself, which will render you completely immune to this attack. The article below will explain the steps you need to follow.
