2022-06-03
Follina Vulnerability Remains Unpatched
Microsoft has not yet released a patch to address the vulnerability known as Follina. The flaw affects the company's Support Diagnostic Tool and can be exploited to take control of vulnerable devices. Microsoft has acknowledged that the flaw is being actively exploited and has published guidance that includes temporary mitigations. The vulnerability can be exploited through a maliciously crafted Word document. The flaw affects all currently supported versions of Windows. Microsoft has not said whether or not it plans to release a patch for the vulnerability.
Editor's Note
This vulnerability should still be at the top of the list of things to worry about. You must implement the workaround to prevent exploitation. While anti-malware vendors are quickly updating signatures, they are inadequate to protect against the wide range of exploits that may take advantage of this vulnerability.

Johannes Ullrich
The Microsoft guidance includes a workaround of disabling the MSDT service on each endpoint. Many endpoint protection tools are also now able to detect and block the attack; check to see if you're covered there. Additionally, verify your email security services are enabled, and are detecting and blocking this attack. While blocking externally sourced Office documents is also an approach, use caution as this is likely impactful to the business and likely will be worked around by users.

Lee Neely
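A defender-side script for rolling out the endpoint workaround mentioned above, added here as an example and not part of the SANS item or of Microsoft's own guidance text. It applies Microsoft's published Follina workaround (export, then delete, the HKEY_CLASSES_ROOT\ms-msdt URL protocol key) and keeps a .reg backup so the change can be reversed once a patch ships; the backup path and the -Restore switch are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: apply or reverse the Microsoft-published Follina workaround
# (removing the ms-msdt URL protocol handler) with a backup for later restore.
param(
    [string]$BackupPath = "$env:ProgramData\ms-msdt-backup.reg",  # assumed location
    [switch]$Restore                                               # undo the workaround
)

$key = 'HKCR:\ms-msdt'   # ms-msdt URL protocol registration named in Microsoft's guidance

# HKCR: is not a default PowerShell drive; map it on demand so Test-Path works.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

if ($Restore) {
    # Re-import the saved key once a patch has been deployed and verified.
    if (-not (Test-Path $BackupPath)) { throw "No backup found at $BackupPath" }
    reg.exe import $BackupPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Restore failed; key not re-imported.' }
    Write-Output "ms-msdt URL protocol restored from $BackupPath"
    return
}

if (-not (Test-Path $key)) {
    Write-Output 'ms-msdt URL protocol already absent; workaround is in place.'
    return
}

# Back up before changing anything so the workaround stays reversible.
reg.exe export HKEY_CLASSES_ROOT\ms-msdt $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; leaving the key untouched.' }

reg.exe delete HKEY_CLASSES_ROOT\ms-msdt /f | Out-Null

# Verify the handler no longer resolves; a surviving key means the
# workaround did not take effect (permissions, policy, or a failed delete).
if (Test-Path $key) { throw 'Key still present after delete; investigate before trusting this host.' }
Write-Output "ms-msdt URL protocol removed; backup saved to $BackupPath"
```

Run it once per endpoint (or from your configuration management tool) and log the output centrally so coverage can be audited; run with -Restore only after the vendor patch is confirmed installed.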
Just a reminder that SANS had a webinar on Follina you can view at https://www.sans.org/webcasts/emergency-webcast-msdt-ms-word-0-day/ and published a Follina Q&A with SANS instructor Jake Williams at https://www.sans.org/blog/follina-msdt-zero-day-q-a/
