Detection of CVE-2022-30190?
Accepted Answer
Hi Tim,
I hope I can answer your questions, but let me know if I missed anything.
WithSecure EDR will be able to detect the resulting child processes if this vulnerability is exploited.
The following detections may be generated when the vulnerability is exploited:
EDR:
msdt spawned by iexplore - HIGH severity
office apps spawned msdt - HIGH severity
sdiagnhost spawned conhost - LOW severity
office as grandparent process - LOW severity
We do not have any documentation created, nor are we able to distribute a PoC, but you can use publicly available tools to create one: https://github.com/JohnHammond/msdt-follina
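To make the four parent/child detections listed in the answer concrete, here is an added example (not WithSecure EDR logic, and not code from the original post) that applies the same parent/child and grandparent rules to a handful of constructed Sysmon-style process-creation events. The field names (ProcessId, ParentProcessId, Image, ParentImage), the rule names and severities as written, and the sample process chain are assumptions made for illustration; real EDR rules match on far more than the image name.

```python
"""Parent/child process detections for an msdt-based chain, as an added
illustration of the rule names in the answer above. Not WithSecure code.
Events are constructed Sysmon Event ID 1-style records (assumed field names)."""
from typing import Dict, List, Optional, Tuple

# Office images treated as "office apps" (assumption for the example).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

Alert = Tuple[int, str, str]  # (ProcessId, rule name, severity)


def basename(path: Optional[str]) -> str:
    """Lower-case image basename; handles Windows or POSIX separators."""
    if not path:
        return ""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def grandparent_image(event: dict, by_pid: Dict[int, dict]) -> str:
    """Image of the parent's parent, via the parent's own creation event."""
    parent = by_pid.get(event["ParentProcessId"])
    return basename(parent["ParentImage"]) if parent else ""


def detect(events: List[dict]) -> List[Alert]:
    """Apply the four lineage rules to every event and return the alerts."""
    by_pid = {e["ProcessId"]: e for e in events}
    alerts: List[Alert] = []
    for e in events:
        img = basename(e["Image"])
        parent = basename(e["ParentImage"])
        grandparent = grandparent_image(e, by_pid)

        if img == "msdt.exe" and parent == "iexplore.exe":
            alerts.append((e["ProcessId"], "msdt spawned by iexplore", "HIGH"))
        if img == "msdt.exe" and parent in OFFICE_APPS:
            alerts.append((e["ProcessId"], "office apps spawned msdt", "HIGH"))
        if img == "conhost.exe" and parent == "sdiagnhost.exe":
            alerts.append((e["ProcessId"], "sdiagnhost spawned conhost", "LOW"))
        if grandparent in OFFICE_APPS:
            alerts.append((e["ProcessId"], "office as grandparent process", "LOW"))
    return alerts


def _ev(pid: int, ppid: int, image: str, parent_image: str) -> dict:
    return {"ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "ParentImage": parent_image}


# Constructed sample: a Word document triggering msdt, plus an IE-launched
# msdt and a benign browser, with explorer.exe as the common ancestor.
SYS = "C:\\Windows\\System32\\"
OFF = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SAMPLE_EVENTS = [
    _ev(50, 1, SYS + "explorer.exe", SYS + "userinit.exe"),
    _ev(100, 50, OFF + "WINWORD.EXE", SYS + "explorer.exe"),
    _ev(200, 100, SYS + "msdt.exe", OFF + "WINWORD.EXE"),
    _ev(300, 200, SYS + "sdiagnhost.exe", SYS + "msdt.exe"),
    _ev(400, 300, SYS + "conhost.exe", SYS + "sdiagnhost.exe"),
    _ev(500, 50, "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
        SYS + "explorer.exe"),
    _ev(600, 50, "C:\\Program Files\\Internet Explorer\\iexplore.exe",
        SYS + "explorer.exe"),
    _ev(601, 600, SYS + "msdt.exe",
        "C:\\Program Files\\Internet Explorer\\iexplore.exe"),
]


def highest_severity(alerts: List[Alert]) -> str:
    """'HIGH' if any alert is high, 'LOW' if only low, '' if none."""
    sev = {a[2] for a in alerts}
    return "HIGH" if "HIGH" in sev else ("LOW" if "LOW" in sev else "")


if __name__ == "__main__":
    for pid, rule, sev in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule} - {sev} severity")
```

Running it over the constructed chain yields one HIGH alert each for pid 200 (Word spawning msdt) and pid 601 (IE spawning msdt), and LOW alerts for pid 300 (Word as grandparent of sdiagnhost) and pid 400 (sdiagnhost spawning conhost); the benign chrome.exe and explorer.exe events produce nothing. The grandparent rule depends on the parent's own creation event being present, so in a real pipeline you would need to retain or look up earlier events rather than evaluate each event in isolation.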
Answers
Hello!
Thanks for your quick response. Yes, that's the Follina vulnerability. Very good news if it is indeed detected. Is there a way to be certain? We're liable for anything we tell the customers so kind of need to be sure.
Also, is there a way for us to check these things for ourselves? What often happens here is that whenever the media notice a vulnerability, we get calls from customers asking if it's detected. It would be great if there were a page/resource where we could search for detected vulnerabilities by CVE or maybe chronological order.
I'll make the second question a separate post.
Thanks!