CVE-2022-30190 (Follina) — MSDT RCE in Windows (what to know now)
CVE-2022-30190 commonly referred to as Follina grabbed headlines in 2022 because attackers could execute code simply by getting a victim to open a Word document (no macro required). The chain uses Word’s remote template / HTML features to invoke the Windows MSDT handler (ms-msdt:), which in turn runs attacker-controlled commands. Although patches and workarounds exist, […]