“Follina” (CVE-2022-30190): Microsoft Support Diagnostic Tool 0-Day Vulnerability Being Actively Exploited
Tags
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Malicious File - T1204.002 Powershell - T1059.001 Tool - T1588.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 7dfebbf6-491b-4650-9c26-5e56771b60f8
Fingerprint ac413915eb2ccdc5
Analysis status DONE
Considered CTI value 0
Text language
Published May 31, 2022, 1:55 p.m.
Added to db Nov. 6, 2023, 6:31 p.m.
Last updated Nov. 18, 2024, 4:35 a.m.
Headline “Follina” (CVE-2022-30190): Microsoft Support Diagnostic Tool 0-Day Vulnerability Being Actively Exploited
Title “Follina” (CVE-2022-30190): Microsoft Support Diagnostic Tool 0-Day Vulnerability Being Actively Exploited
Detected Hints/Tags/Attributes 32/1/8
Source URLs
Redirection Url
Details Source https://research.kudelskisecurity.com/2022/05/31/follina-cve-2022-30190-microsoft-support-diagnostic-tool-0-day-vulnerability-being-actively-exploited/
URL Provider
Details Provider Source level domain
Details kudelskisecurity.com research.kudelskisecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 205 Kudelski Security Research https://research.kudelskisecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 172 
cve-2022-30190
Details Domain 88 
app.any.run
Details Domain 1373 
twitter.com
Details File 2127 
cmd.exe
Details Url 4 
https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb
Details Url 2 
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
Details Url 1 
https://twitter.com/gentilkiwi/status/1531384447219781634
Details Windows Registry Key 8 
HKEY_CLASSES_ROOT\ms-msdt