Our selection of key Intelligence Reports this week focuses on the existence of critical vulnerabilities affecting several Microsoft Office versions and Atlassian's Confluence software instances. The zero-day vulnerability tracked as CVE-2022-30190 and known by the moniker 'Follina' has already been exploited by nation-state actors, namely China-linked TA413, in a campaign targeting the international Tibetan community. This reaffirms our prediction that threat actors would quickly integrate the vulnerability into their toolset. Microsoft has yet to release a patch but does offer mitigation advice to help safeguard its users. Additionally, several proof-of-concept exploits for CVE-2022-26134 were released over the weekend, and researchers have identified over two hundred unique IP addresses attempting to exploit the vulnerability. Atlassian released a patch on 03 June 2022 and has urged customers to update their software or follow its mitigation advice if unable to do so. These critical vulnerabilities reiterate the importance of keeping software updated to its latest version and following mitigation advice. Those who fail to do so are at a significantly greater risk of being affected by these vulnerabilities as more threat actors seek to exploit them in the coming weeks and months.

Key Vulnerabilities

  1. CVE-2022-30190
    A zero-day vulnerability found in Microsoft Office can be exploited to achieve arbitrary code execution on affected systems (CVSS: 7.8 | OVSS: 21). The vulnerability, also referred to as 'Follina', abuses Word's remote template feature to retrieve an HTML file from a server which, in turn, makes use of the Microsoft Support Diagnostic Tool (MSDT) URI scheme to run a malicious payload. In the absence of a patch, Microsoft advises users and administrators to disable the MSDT URL protocol.
  2. CVE-2021-21465
    The SAP BW Database Interface (CVSS: 9.9 | OVSS: 17) allows a malicious user to execute arbitrary crafted database queries, exposing the backend database. The user can execute their own SQL commands and thus compromise the affected SAP system.
  3. CVE-2022-26134
    An OGNL injection vulnerability affecting several Confluence Server and Data Centre versions (OVSS: 73) could allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Centre instance.
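As an added illustration of the remote-template mechanism described under CVE-2022-30190 (example code written for this page, not Secrutiny's or Microsoft's), the following triage check flags .docx files whose settings load a template over HTTP(S). The relationship type and part path are the standard OOXML ones; the sample documents and hosts it builds are constructed placeholders, not real indicators.

```python
"""Triage check for Word files whose settings reference a remote (HTTP)
template, the feature 'Follina' abuses. Added example, not Secrutiny's code."""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlsplit

# OOXML relationship type for an attached template; TargetMode="External"
# means Word resolves the target outside the package when the file opens.
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
RELS_PATH = "word/_rels/settings.xml.rels"


def find_remote_templates(docx_bytes: bytes) -> List[str]:
    """Return http(s) attachedTemplate targets in a .docx ([] if none).
    Local file:// templates are also External, so the scheme is checked."""
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PATH not in zf.namelist():
            return hits
        root = ET.fromstring(zf.read(RELS_PATH))
        for rel in root.iter(f"{{{PKG_NS}}}Relationship"):
            target = rel.get("Target", "")
            if (rel.get("Type") == ATTACHED_TEMPLATE
                    and rel.get("TargetMode") == "External"
                    and urlsplit(target).scheme in ("http", "https")):
                hits.append(target)
    return hits


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Build a minimal constructed .docx with only the parts the check reads
    (placeholder fixture for testing; not a real document)."""
    rels = [f'<Relationships xmlns="{PKG_NS}">']
    if template_target is not None:
        rels.append(f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                    f'Target="{template_target}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(RELS_PATH, "".join(rels))
    return buf.getvalue()
```

Run find_remote_templates over the bytes of a suspect file; build_sample_docx only produces the benign and remote-template fixtures used to exercise the check, and a corporate template on a file:// path is deliberately not flagged.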

Key Intelligence Reports

  1. New Microsoft Office zero-day exploit dubbed "Follina" observed in the wild.
  2. China-linked threat actor TA413 exploits "Follina" zero-day vulnerability (CVE-2022-30190).
  3. Data leak extortion cybercriminal group Industrial Spy launches own ransomware operation.

If you come across any issues or need assistance, please do not hesitate to reach out to Secrutiny.

What is OVSS?

The Orpheus Vulnerability Severity Score (OVSS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to, and impact of, CVEs, building upon the vulnerability information provided as part of the CVSS (Common Vulnerability Scoring System) score.