CRITICAL ALERT: Exploitation of Microsoft Office vulnerability: Follina

Background / What has happened?

On 31 May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability, dubbed “Follina”, can be exploited by an attacker sending a URL to a vulnerable machine. Successful exploitation allows an attacker to install programs, view or change data, or create new accounts in line with the victim’s user permissions.

The ACSC is aware of active exploitation of the Follina vulnerability targeting Australian organisations.

Proof of Concept code to exploit the Follina vulnerability is available online and has been integrated into common exploitation frameworks and tools. Disabling Microsoft Office Macros does not prevent exploitation of this vulnerability.

Mitigation / How do I stay secure?

A patch is not currently available. Australian organisations who use Microsoft Office products should review their system configurations, and follow Microsoft’s guidance on implementing a workaround until a patch is available.

The ACSC also recommends:

Microsoft Office users should continue to monitor Microsoft’s website for updates and future vulnerabilities.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

Read this alert on the website.

Are you a victim of cybercrime? Visit ReportCyber to take your next steps.

We use hyperlinks to give you more information. If you don't want to click hyperlinks, you can search for the information on

<< Go back to the previous page