The Follina vulnerability ingeniously exploits Microsoft Word's remote template feature, ms-msdt URI schemes, and msdt.exe's parameter handling. Its multi-stage nature and ability to bypass various security mechanisms make it a highly sophisticated and severe threat.

2022年5月31日 · Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as "Follina"—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows.

2022年6月1日 · Modified. This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

UPDATE: 6/15: Microsoft released its latest round of security patches (Patch Tuesday) this week, and with it quietly fixed CVE-2022-30190, better known as Follina.

2022年7月13日 · I would like to seek clarification on the Follina vulnerability - CVE-2022-30190. In some of the security blogs (e.g. this ), it was mentioned that this vulnerability affecting several MS Office version, but according to Microsoft guide here …

2022年6月15日 · Microsoft has finally released a fix for “Follina,” a zero-day vulnerability in Windows that’s being actively exploited by state-backed hackers.

2022年5月31日 · Researchers believe the flaw, dubbed “Follina,” has been around for a while, as they traced it back to a Microsoft report made on April 12. The vulnerability leverages Office functionality to download an HTML file, which exploits the MSDT to let attackers execute code remotely on compromised devices.