Security researchers recently discovered a significant vulnerability which would allow attackers to execute malicious code on a computer if a user simply opened a specially crafted Word document. This vulnerability, referred to as “Follina” and later formally documented as CVE-2022-30190, affects all common versions of Microsoft Office. While no patch has been developed by Microsoft yet, they have issued guidance on how to mitigate the risk. Over the past 48 hours, Premier One has implemented this mitigation on all systems it can access.
Keep Your Computers Online
One of the biggest challenges in fully mitigating vulnerabilities like “Follina” is that security patches and mitigation workaround can only happen when computers are online. These efforts often happen overnight and require computers to reboot. In many cases, users may shutdown workstations or disconnect laptops at the end of a working day or over the weekend which means these systems may not get protected.
For optimal ongoing protection, please ensure that workstations and laptops remain powered up and online, even outside of normal business hours and during weekends.
Regain a Cybersecurity Advantage with Premier One Advanced Security Services
In 2021, Premier One launched two advanced security solution bundles, Premier One Security Essentials and Security Plus, to help our clients gain an advantage over modern attacks. These offerings layer on top of the existing baseline security services provided to all Premier One Managed clients and specifically address more modern threats that have become prevalent in the recent few years.
Vulnerabilities like “Follina” are classified as “zero-day” as they have no patch available. Premier One Security Plus specifically addresses this type of threat by employing a 24/7/365 human-staffed security team to watch for nefarious activities on your systems and take action at any hour, even against threats that aren’t publicly known yet.
For more information about the Premier One Advance Security offerings, please reach out to your designated Client Success Manager or email firstname.lastname@example.org.
For more information, please visit the following links as reference material:
– Microsoft Confirms ‘Follina’ Office Zero-Day Vulnerability (crn.com)
– Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center