The Windows Follina Vulnerability Has A Temporary Fix

File this away under “good news, bad news.”

The bad news is that there’s a new, critical zero-day threat to be concerned about.  The threat has been dubbed ‘Follina.’

It is being tracked as CVE-2022-30190 and is described by Microsoft as an MSDT (Microsoft Windows Support Diagnostic Tool) remote code execution flaw that impacts all versions of Windows still getting security updates, including Windows 7+ and Server 2008+.

It’s a serious bug that puts your system at risk. Even worse, Microsoft doesn’t currently have a patch to fix it, although they have issued a bulletin outlining some mitigation steps you can take to help minimize your risk until an official patch is released.

The good news:

There’s an unofficial patch offered by 0patch for Windows 11 v21H2, Windows 10 (versions 1803 through 21H2), Windows 7 and Windows Server 2008 R2.

Microsoft’s mitigation strategies advise disabling the MSDT URL protocol handler to minimize your risk. This mini patch, however, sanitizes the user-provided path instead, which avoids rendering the Windows diagnostic tools inoperable.

0patch co-founder Mitja Kolsek had this to say about their patch:

“Note that it doesn’t matter which version of Office you have installed, or if you have Office installed at all: the vulnerability could also be exploited through other attack vectors.

That is why we also patched Windows 7, where the ms-msdt: URL handler is not registered at all.”
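Microsoft’s interim mitigation mentioned above, as an added PowerShell example (not taken from Microsoft’s bulletin or from 0patch): it reports whether the ms-msdt: handler is registered and, with -Apply, backs it up and removes it. It assumes the handler sits under HKEY_CLASSES_ROOT\ms-msdt, the standard registry location for a URL protocol handler; the default backup path is a made-up placeholder.

```powershell
# Added example: audit (default) or apply (-Apply) the MSDT URL handler mitigation.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
param(
    [switch]$Apply,
    # Hypothetical default location for the backup file; change as needed.
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-handler-backup.reg"
)

# Assumption: URL protocol handlers are registered under HKEY_CLASSES_ROOT\<scheme>.
$keyNative = 'HKEY_CLASSES_ROOT\ms-msdt'
$keyPath   = "Registry::$keyNative"

if (-not (Test-Path -LiteralPath $keyPath)) {
    # As the quote above notes, an unregistered handler (e.g. on Windows 7)
    # does not mean the MSDT flaw itself is absent.
    Write-Output 'ms-msdt: handler is not registered; nothing to disable.'
    return
}

Write-Output 'ms-msdt: handler is registered.'
if (-not $Apply) {
    Write-Output 'Audit only. Re-run with -Apply to back up and remove the handler.'
    return
}

# Back up first so the handler can be restored with "reg import" after patching.
& reg.exe export $keyNative $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath)) {
    throw 'Backup failed; the handler was left in place.'
}

& reg.exe delete $keyNative /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Delete failed. Is this prompt elevated?'
}

# Verify the change took effect rather than trusting the exit code alone.
if (Test-Path -LiteralPath $keyPath) {
    throw 'Handler key is still present after delete.'
}
Write-Output "Handler removed. Backup saved to $BackupPath"
```

Removing the handler disables launching the diagnostic tool through ms-msdt: links, which is the trade-off the unofficial patch is meant to avoid.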

Best of all is that the only thing you have to do to get this unofficial patch is register for a 0patch account and install the 0patch agent. Once you run the agent, it will automatically download the patch and apply it for you unless your network has a security policy in place that prevents that.

It’s a good solution offered by a great company and is highly recommended.

Update Google Chrome Soon To Fix Multiple Security Issues

Are you a Google Chrome user?  If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right away. The latest release contains a total of 32 security fixes on Windows, Mac and Linux.

Of the 32 flaws addressed, eight are high-severity, nine are medium, seven are low-severity and one is critical.  The critical flaw, tracked as CVE-2022-1853, is a “use after free in IndexedDB,” an interface where data is stored in a user’s browser.

Details about the bug and how hackers could exploit it are limited. According to Pieter Arntz, a security researcher at Malwarebytes, a hacker could exploit the flaw by creating a poisoned website that would take over the visitor’s browser by manipulating the IndexedDB.

None of the flaws addressed in Chrome 102 are “Zero Day” issues, meaning flaws that were exploited before Google released the patch to address the flaw.  Even so, many people are somewhat slow to update their browser, and if you are one of them, then you could be in for a world of headaches if a hacker sets their sights on your system.

You can get Chrome 102 for Windows, Mac, and Linux right now. In case you weren’t aware, normally Chrome is updated every four weeks but the extended release gains an additional four weeks by Google back-porting important security fixes to it.

Also be aware that an extended stable release is updated every eight weeks.  Grab yours today and kudos to Google for their tireless work!  Last year, Google’s Project Zero team counted a total of 58 Zero-Day exploits for popular software, with twenty-five of these impacting web browsers.

Be Aware That ChromeLoader Malware Is Picking Up Steam

A browser hijacker called “ChromeLoader” has had a large uptick in detections this month, which is raising eyebrows among security professionals.

ChromeLoader can modify a victim’s web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like.

As malware goes, there are far worse strains out there.  Rather than infect you with malicious code that locks all your files or installs other destructive forms of malware, this one will see you flooded with scammy or spammy offers. It will frustrate you by forcing you to click through a sea of ads you’d rather not see, all in a bid to make a bit of coin for the malware’s owners.

It is noteworthy mostly because of its persistence and its aggressive use of PowerShell, which it abuses like few other malware strains do.  Even worse, the owners of the malicious code have recently released a variant that specifically targets macOS users, so if you thought you were safe because you were using a Mac, think again.

While we wish that all malware strains were as relatively harmless as this one, that doesn’t mean it isn’t a threat or that you shouldn’t take it seriously.  While it’s not as destructive as most of the malware strains that make the headlines, it’s still a genuine concern that can cause you innumerable headaches.

If you start to see an unusual number of popup ads or if your computer has a scary preference for porn and gaming sites, odds are good that you’ve been infected. It may appear like your computer has a life of its own. If you see those things, the problem won’t go away on its own and you should get your machine to a tech as soon as possible.

New Phishing Attack Delivers Three Types Of Malware To Victims

Phishing campaigns get more effective the more closely they can imitate a trusted source.  Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect.

Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.

To lure victims into infecting themselves, the phishing campaign’s emails are all designed to appear as a payment report from a legitimate trusted source, with a Microsoft Excel document attached and conveniently included for the recipient’s review. Naturally, anyone opening the attached document dooms themselves, as it is poisoned and contains scripts designed to install malicious payloads in the background.

Phishing campaigns remain one of the most popular infection methods in the hacking world.  Hackers tend to gravitate to those techniques that work and require relatively little in the way of effort.

Phishing fits that bill perfectly.  It’s usually a trivial matter to create an email that’s virtually identical to one you might get from a trusted source, and hackers have been poisoning Microsoft Excel files since the earliest days of the internet.

As ever, the best defense against these types of attacks is vigilance and mindfulness.  A quick phone call to the trusted source that supposedly sent you the email communication is almost always enough to verify whether it is real. Shockingly, few users take this step.

In a similar vein, clicking on embedded links in an email or downloading files should be done with a healthy dose of caution. That includes another phone call to the trusted source to be sure they did in fact send you something.

Unfortunately, that’s a lot easier to teach than it is to implement, as employees don’t have a good track record with either of those things.

Windows 11 May Release New Feature For Copying Information

If you’re a member of the Windows Insiders group, then you are likely already aware of this. If not, here’s something else to look forward to when Windows 11 is formally released.  Microsoft has been experimenting with a new “Suggested Actions” feature when you copy data onto your clipboard.

It all begins with Windows 11 build 22621 in the Beta channel and Build 25115 in the Dev channel. There you’ll see the new feature in action any time you copy something to your clipboard.  A bar will appear with one or more options, contextualized to the information you just copied.

For example, if you just copied a date in a sentence regarding a conference, you might get a bar that allows you to create an event for that date with a single click.  If you copy a phone number, the bar would populate with a button allowing you to place a call to that number with one click or tap, and so on.

Currently, the feature is quite limited in its scope, and you only see a “Suggested Action” bar when copying certain types of data. If the feature catches on, it would be easy for Microsoft to expand the idea, potentially greatly.

At present, Microsoft is actively shopping for feedback about the new feature in the Feedback Hub under Desktop Environment > Suggested action on copy.  If enough people respond favorably to the new feature, it’s almost certain that Microsoft will keep it. If enough people write in with suggestions on what other types of data they’d like to see incorporated into the new system, those will most likely be added.

It’s a small thing but this is one way that the user base can help mold the shape and direction of Windows 11 and we’re very pleased to see it.  Kudos to Microsoft.