Nao_Sec, an independent cybersecurity research group, recently informed the public of a new Microsoft security vulnerability: Follina.
What do you need to know regarding Follina?
- This vulnerability can be triggered through something as simple as opening a malicious Word doc in preview mode in Microsoft Outlook
- There is currently no patch available for this zero-day attack
- Do NOT open any attachments if you do not know the sender or you are not expecting the attachment (If you are unsure, call the sender to verify the email and attachment are legitimate)
- Named “Follina” after reference “0438” in malicious sample, the area code of municipality in Treviso, Italy, called Follina
As always, Merit is keeping client patches up to date. However, since a patch is not currently available for this attack, and until there is one, be extra vigilant when opening any attachments, particularly if you do not know the sender. If you do get a suspicious email, please let us know. This post is not intended to increase worry, but to educate and inform users about what’s going on in the world in order to mitigate security threats. The protection of your business is our number one priority, and we will continue to monitor the situation and provide updates as they arise. Please contact us with any questions or concerns.