Last week, researchers disclosed a Microsoft Windows and Office zero-day vulnerability known as Follina. It allows attackers to take over a computer system by sending a specially crafted email and attachment. A zero-day bug indicates that there is no official patch available from the manufacturer, Microsoft. The bug was only discovered when attackers were caught using it to infiltrate organizations and take over systems. The Follina bug represents a serious and active threat to all organizations. All versions of Microsoft Windows are known to be affected. This includes operating systems dating back to Windows 7 and Windows Server 2008.
As an InfraNet IMS client, you are well protected, and no further action is required. We have several confirmed layers of protection against this bug and will continue to monitor for indications of compromise.
What do You Need to do?
- Remind users,
- Never open attachments from anyone they don’t know or don’t expect to receive something from.
- If you do receive an unexpected email, confirm with the sender what an attachment is before opening it,
- When in doubt, pick up the phone and call the sender.
- Never “Enable Macros”, download or install Plugins if prompted without fully knowing the validity of the file. Malicious PDF and Office documents may trick you into running malicious code.
- Never click on links within emails without confirming them with the sender.
- Remind users to report suspicious emails and communications to your designated security officers or InfraNet.
Sign Up to Receive Our Weekly Security Awareness Tip!
Developing security habits in every aspect of your life is important. To subscribe to our weekly Security Tip, Click Here.
text