New MS Office vulnerability - CVE-2022-30190

CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina” | FortiGuard Labs (fortinet.com)

https://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190?fbclid=IwAR3AE-5__AcYJsNvA0ETXbumeSHxf2VCOHncCLUZM-i3FnRRfUm24hGjWu0

https://github.com/PwnC00re/PoC-CVE-2022-30190?fbclid=IwAR0V2FIiqj_8gcIMx1Xb8RsNFhZDHIincJZj8GslesTFgizAz9nLxncQ0_w

SANS Institute (https://www.youtube.com/watch?v=vHW_hb2m_pw)

CVE-2022-30190/Follina (https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694)

What you need to know

2022.05.31 - Jake Williams

<Agenda>

  1. The Vulnerability
  2. Mitigations
  3. Detection Engineering - because this is about detecting an exploit live, as it happens in my environment
  4. Forensics / Hunting
  5. Closing Thoughts

Reason for the distinction -> Detection Engineering


<The Vulnerability>

nao_sec, a Japanese security research group (5/27)

Kevin Beaumont (@GossiTheDog) ->