Microsoft has fixed a vulnerability in Windows called Follina
Microsoft has fixed a vulnerability in Windows called Follina


Microsoft released a new Windows Security Update in June 2022. The update fixes an important operating system vulnerability called Follina, which is being actively exploited in persistent attacks.

"Microsoft strongly recommends that customers install and update to completely avoid vulnerabilities," the company said. System settings to receive automatic updates do not need to take any further action.

The company also deployed through the Microsoft Security Response Center to urge customers to install and update as soon as possible.

The trace was CVE-122-30190 and Microsoft described the vulnerability as a Windows Remote Diagnostic Tool code that implements the vulnerabilities. All Windows versions of secure updates continue to receive the effects of the vulnerability.

An attacker who successfully exploited this vulnerability could use the application's permission to run arbitrary code to install programs or view, modify, or delete data.

Also, the attacker can create a new Windows account with the permission of the user authorized by the attack.

In addition, the Follina vulnerability allows attackers to help diagnose malicious PowerShell commands through Windows, and Microsoft has described it as an exploit code to open or preview Word documents.

The patch does not prevent Office from loading the Windows URI handler without user interaction. But it can block PowerShell injections and disable this attack vector.

Microsoft closed a major security hole

For some time now, state-sponsored actors and cybercriminals have been exploiting Volina's vulnerabilities to launch attacks with various goals.

Chinese hacker TA413 used the vulnerability in attacks against Tibetans. It is also used by the second organization with the state for phishing attacks against government agencies in the United States and the European Union.

The TA570 is now using Follina for net fishing activities to injure QBOT recipients.

The first attack on this vulnerability began in mid-April. This is an invitation to a satellite radio interview as bait for sexual blackmail.

The Office of Network Infrastructure Safety and Security also urged Windows administrators and users to disable the Windows Support Diagnostic Tool registry, which has been abused by these attacks. This is based on Microsoft's report on the active use of the vulnerability.

In April, a security researcher informed Microsoft's security team that the company had rejected its original submission because it wasn't a security issue.

However, according to the researchers, Microsoft engineers closed the report, saying that the report describes the error as a remote code execution issue.


Previous Post Next Post