2/6/2022
This week Microsoft acknowledged an emerging threat posed by the vulnerability dubbed “Follina”. This is a zero-day vulnerability, triggered by opening malicious Microsoft Office documents. Threat actors may deceive victims into opening these documents using email attachments, social media links, file downloads, or other creative delivery methods. Once the file has been opened and the code is detonated, threat actors can elevate their own privileges and potentially gain “god mode” (install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights) access to the affected environment. It has been rated 7.8 on the Common Vulnerability Scoring System (a 1 to 10 scale based on severity).