The Follina vulnerability can and has been exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May.

The first attacks leveraging Follina seem to have been launched in April, but exploitation attempts have increased following its disclosure.

A Chinese threat actor has been using it in attacks aimed at the Tibetan community and cybercriminals have been leveraging it to deliver Qbot, AsyncRAT and other malware.