Cybersecurity Alert - FINRA Notifies Member Firms of Microsoft Alert (CVE-2022-30190)

FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.

The Microsoft alert describes a remote code execution vulnerability, named “Follina” by security analysts, related to the Microsoft Support Diagnostic Tool (MSDT) that can be used by a threat actor to run malicious code. As a result, a threat actor could install programs; view, change, or delete data; or create new accounts on the network.

The Microsoft alert, associated with CVE-2022-30190, recommends disabling the MSDT tool and provides instructions to implement this recommendation. In addition, Microsoft provides suggested configuration settings for Microsoft Defender Antivirus and Microsoft Defender for Endpoint that will also protect against exploitation of the vulnerability.

FINRA recommends firms evaluate the Microsoft alert and take appropriate measures to protect against the reported vulnerability. For guidance or questions, please contact your assigned Risk Monitoring Analyst or NCFC’s Cyber Security Group (CSG).