Cybersecurity Briefing — Microsoft patches Follina MSDT RCE (CVE-2022-30190)
Microsoft’s 14 June 2022 Patch Tuesday shipped fixes for the widely exploited Follina MSDT remote code execution flaw (CVE-2022-30190) affecting Office documents, closing a zero-click infection vector used by state-linked threat actors.
On 14 June 2022 Microsoft released security updates for CVE-2022-30190, the “Follina” Microsoft Support Diagnostic Tool (MSDT) vulnerability abused via malicious Office documents. The flaw allowed crafted URLs to execute PowerShell through MSDT without macros, enabling remote code execution when users opened or previewed files. Threat intelligence reported exploitation by APT groups targeting government and media organizations prior to the patch.
Organizations should deploy the June cumulative updates, validate that Office applications block MSDT invocation, and monitor for lingering indicators such as ms-msdt process calls from Office executables. Disabling the MSDT URL protocol handler and tightening attachment sandboxing remain prudent defense-in-depth steps alongside vulnerability scanning to confirm patch coverage.
- Microsoft Security Response Center advisory documents the CVE details, affected products, and June 2022 patch availability.
- CISA alert notes active exploitation and recommends mitigation steps including disabling MSDT URL handlers and applying the June updates.
Continue in the Cybersecurity pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Cybersecurity Operations Playbook — Zeph Tech
Use Zeph Tech research to align NIST CSF 2.0, CISA KEV deadlines, and sector mandates across threat intelligence, exposure management, and incident response teams.