ConversingLabs: Unpacking the Follina exploit

Paul Roberts, Content Lead at ReversingLabs.


In our latest episode of the ConversingLabs podcast, host Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit with a pretty name, but nasty intentions. 

As Edwards explains in the interview, Follina, which takes its name from the town in Northern Italy (more on that in the podcast), is evidence of the continued innovation of malicious actors as they look for ways around security measures designed to thwart common attacks and exploits, such as Microsoft’s decision to disable the use of macros by default in Microsoft Office documents.

In the case of Follina, Edwards found that the exploit leveraged a flaw in a standard Windows component, the Microsoft Support Diagnostic Tool, or MSDT, a program that streamlines troubleshooting for files on Windows. The vulnerability in MSDT allows attackers to trick the troubleshooting protocols and execute code, using a program of their choice.

In this conversation, Joseph describes how the Follina exploit, which targets the MSDT vulnerability, works and how it is circulating online. While attacks have relied on familiar techniques, such as phishing emails with Microsoft Word, XML or RTF attachments that trigger the exploit, Joseph explains that such common approaches aren’t needed to leverage Follina: something as simple as an HTML file with embedded JavaScript or PowerShell commands is enough.

“From the attacker’s standpoint, you’re leveraging something that is a standard component of all Windows systems and that doesn’t require attackers to authenticate first.”
Joseph Edwards
