A serious vulnerability has been found in Microsoft Windows, the most-used operating system for computers around the world, which could be exploited with a simple MS Word document. The vulnerability, which affects 32 versions of Windows, was officially acknowledged by Microsoft on Tuesday, and the Indian Computer Emergency Response Team (CERT-In) has assigned it a ‘high’ severity rating. Worryingly, there are also preliminary indications that the vulnerability has already been used to target Indian users.
The vulnerability, earlier dubbed ‘Follina’, was later designated CVE-2022-30190. ‘CVE’ stands for Common Vulnerabilities and Exposures, and every vulnerability that is officially acknowledged is assigned a CVE number for easy reference and further research.
Follina falls under the category of ‘Zero Day vulnerabilities’, meaning vulnerabilities discovered only when malicious hackers exploit them. The term ‘Zero Day’ is used because there are zero days between their discovery and exploitation.
The Microsoft advisory, issued on its official website, states that the vulnerability is exploited by sending an MS Word document to the targets. The moment the victim opens the document or even previews it, the vulnerability allows the hidden code inside the document to embed itself in the system.
“The attacker can then install programs, view, change, or delete data, or create new accounts,” Microsoft has stated.
CERT-In’s advisory, too, confirms that the vulnerability allows attackers to execute arbitrary code on the target devices, which, in simple words, means that the attacker, once inside your system, can run any programme on it. Effectively, Follina grants attackers complete access to your machine if you are using any one of the 32 versions of Windows affected by it.
Microsoft has laid out detailed guidelines for Windows users to follow in order to mitigate the vulnerability and secure their systems.
What makes the matter all the more serious, however, is that while Follina is only being officially acknowledged now, research indicates that it has been around and exploited since as far back as October 2021. The chatter around Follina among independent cybersecurity researchers, which has been gathering steam for days, suggests that India is one of the countries in which the vulnerability was exploited. Researchers routinely monitor discussions on the dark web about the latest vulnerabilities exploited by hackers, after which they verify the claims on their own and then report their research to the concerned stakeholders.
According to a researcher identified as ‘2ero’ on Twitter, Follina was first tested in October 2021, after which it was exploited in March 2022 in Nepal, India and the Philippines. It was later also used for cyber-attacks in Russia in April and Belarus in May.
Various parts of these claims were also corroborated by other researchers. One research group, nao_sec, found the code used in Belarus, while cybersecurity researcher Kevin Beaumont found a malware-loaded MS Word document titled ‘Invitation for job interview’, which was used in the Russia attack. In fact, it was Beaumont who came up with the name for the vulnerability, as its file name contained the numbers ‘0438’, which is the telephone code for Follina, Italy.