Microsoft has quietly issued a fix for a Windows 0-day under attack
Getty
It was just a week ago that I warned of a 0-day hack, enabling an attacker to remotely execute code on most versions of Microsoft Windows and Windows Server, was already being exploited in the wild. The attacks employed malicious Microsoft Office documents, but not with the usual macro-based methodology. Instead, Follina, as CVE-2022-30190 quickly became known, used vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT) and could even execute without the need to open the document in some exploit scenarios.
As no emergency, out-of-band, fix was forthcoming, it was hoped that the June Patch Tuesday security update would include Follina. However, with that Patch Tuesday rollout happening yesterday, there was no mention of CVE-2022-30190 in the documented fixes. At first, this seemed to suggest that Microsoft (which still hasn’t responded to my request for a statement regarding Follina, by the way) was going with the ‘it’s a feature, not a bug’ defense. However, despite CVE-2022-30190 being conspicuous by its absence, it appears that was not the case.
The Microsoft Security Update Guide entry for CVE-2022-30190 has been edited to read: “A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.” Scrolling down to the FAQ section, the confirmation is complete with this answer to the is there an update available question: “Yes, the updates are available. Microsoft recommends installing the June updates as soon as possible.”
“Microsoft issued a patch today for a vulnerability existing in Microsoft Office using Microsoft’s Support Diagnostic Tool. A malicious code, working stealthily in preview mode, triggers the exploit in preview mode. The user does not have to open the document directly in order to activate the malware” Ken Smiley, director of special projects at Tanium, confirmed. “It is imperative that companies immediately patch and mitigate this emerging threat across their full enterprise environment,” Smiley concluded.
You know what to do, install the June 2022 Patch Tuesday updates now.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here