MS office 신규 취약점 - CVE-2022-30190

CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina” | FortiGuard Labs (fortinet.com)

https://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190?fbclid=IwAR3AE-5__AcYJsNvA0ETXbumeSHxf2VCOHncCLUZM-i3FnRRfUm24hGjWu0

https://github.com/PwnC00re/PoC-CVE-2022-30190?fbclid=IwAR0V2FIiqj_8gcIMx1Xb8RsNFhZDHIincJZj8GslesTFgizAz9nLxncQ0_w

• MSRC (Microsoft Security Response Center) - https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

SANS Institute (https://www.youtube.com/watch?v=vHW_hb2m_pw)

CVE-2022-30190/Follina (https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694)

What you need to know

2022.05.31 - Jake Wiiliams

<Agenda>

1. The Vulnerability
2. Mitigations
3. Detection Engineering - 내 환경에서 exploit이 발생했을 때 라이브로 감지하는 것이기 때문
4. Forensics / Hunting
5. Closing Thoughts

구분하는 이유 -> Detection Engineering

<The Vulnerability>

nao_sec 일본의 보안 리서치 그룹 (5/27)

Kevin Beaumont (@GossiTheDog) ->