Archive for June 4, 2022

Everyone Needs To Pay Attention To This Microsoft Zero Day Exploit That Is Making The Rounds

Posted in Commentary with tags on June 4, 2022 by itnerd

I’ve been delaying writing about this until I could get some more information about this zero day exploit, and mitigation strategies for it. Let’s start with the exploit.

Researchers warned last weekend that a flaw in Microsoft’s Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Here’s some details:

On May 27, a researcher who uses the online moniker “nao_sec” reported on Twitter that they had found an interesting malicious document on the VirusTotal malware scanning service. The malicious Word file, uploaded from Belarus, is designed to execute arbitrary PowerShell code when opened.

The malware was later analyzed by several others, including researcher Kevin Beaumont, who published a blog post detailing his findings on Sunday.

“The document uses the Word remote template feature to retrieve a HTML file from a remote webserver, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell,” Beaumont explained, adding, “That should not be possible.”

The researcher noted that the code is executed even if macros are disabled — malicious Word documents are typically used for code execution via macros. Microsoft Defender currently does not appear to be capable of preventing execution.

“Protected View does kick in, although if you change the document to RTF form, it runs without even opening the document (via the preview tab in Explorer) let alone Protected View,” Beaumont said.

The researcher decided to name the zero day vulnerability “Follina” because the malicious file references 0438, which is the area code of Follina, a village in Italy.

This is now being tracked as CVE-2022-30190. Currently there is no fix for it that Microsoft has issued. But they offer guidance for mitigation. That all sounds good, but here’s the bad news. This appears to be actively being exploited by threat actors and Microsoft may have been asleep at the switch:

The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn’t consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.

That’s bad on Microsoft’s part. Really bad.

My advice is that you should follow Microsoft’s guidance for this to mitigate the issue until a fix appears. Because if there is no fix, and it’s actively being exploited by threat actors, it’s only a matter of time before there is widespread pwnage.

Google Is Killing Off Location Based Reminders…. WHY??

Posted in Commentary with tags on June 4, 2022 by itnerd

This makes no sense. ARS Technica is reporting that Google is killing location based reminders:

Google is sending out notifications telling users the feature is dead. A message on a Google support pagesays: “The option to create reminders for a certain location is going away soon. You can still create reminders at a certain time and set routines for a location.” Suggesting routines as a replacement is a ludicrous suggestion, since routines are, well, routine, and want to repeat after a set period of time. They also are meant to trigger smart-home automation or alarm clocks; they aren’t simple notifications.

How does this make sense? Why is Google doing this? I have no clue. I can’t explain it. The cynic in me says that they are trying to find a way to monetize it. But truly, it makes no sense. Especially seeing that I as a member of Team iPhone can ask Siri to remind me to do something when I get home.

And for bonus points, they’re also killing this:

Another reminder feature getting the ax is a fairly new one, probably dying due to a lack of usage. In 2019 Google announced the ability to send reminders to other people. Actually doing this was pretty difficult, though. You would have to either be in the Google “Family” ecosystem and have them set up in the family link or have that person be someone you share an Assistant device with, like a roommate.

That one make sense as to why Google might be killing that feature. But if anyone can explain to me why Google is killing off location based reminders, please let me know because I am at a loss to explain this.