Microsoft’s new security updates resolve Windows zero-day vulnerability Follina issue

According to Bleeping Computer, there is an ongoing vulnerability in Windows that Microsoft has recently patched. On May 30, Microsoft suggested some workarounds to address the problem. Nonetheless, the Windows 10 KB5014699 and Windows 11 KB5014697 updates will automatically resolve everything for users, making them highly urgent for all users.

“The update for this vulnerability is in the June 2022 cumulative Windows Updates,” Microsoft says. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.”

Bleeping Computer says the security flaw called Follina tracked as CVE-2022-30190 covers versions of Windows that are still receiving security updates, including Windows 7+ and Server 2008+. It is being exploited by hackers to get control of a user’s computers by executing malicious PowerShell commands via Microsoft Support Diagnostic Tool (MSDT), as described by the independent cybersecurity research team nao_sec. This means the Arbitrary Code Execution (ACE) attacks can occur by simply previewing or opening a malicious Microsoft Word document. Interestingly, security researcher CrazymanArmy told Microsoft’s security team about the zero-day in April, but the company simply dismissed the report submitted, saying “it is not a security-related issue.”

In a report from the security research company Proofpoint, a group linked to the Chinese government named Chinese TA413 targeted Tibetan users by sending them malicious documents. “TA413 CN APT spotted ITW exploiting the #Follina #0Day using URLs to deliver Zip Archives which contain Word Documents that use the technique,” Proofpoint writes in a tweet. “Campaigns impersonate the ‘Women Empowerments Desk’ of the Central Tibetan Administration and use the domain tibet-gov.web[.]app.”

Apparently, the said group isn’t the only one exploiting the vulnerability. Other state-related and independent bad actors have been taking advantage of it for quite some time now, including a group that disguised a document as a salary increase memo in order to phish US and EU government agencies. Others include the TA570 Qbot affiliate that delivers Qbot malware and the first attacks that were seen using sextortion threats and baits like Sputnik Radio interview invite

Once opened, the infected documents sent will allow hackers to control MDST and execute commands, leading to unpermitted program installations and access to computer data that hackers can view, delete, or alter. Actors can also create new user accounts through the user’s computer.

Sharron Bennet

Recent Posts

Free Play Days features Far Cry 6, The Serpent Rogue, and Roguebook

Xbox Free Play Days are here again. And this time, Xbox Live Gold and Xbox Game Pass Ultimate members can…

7 hours ago

YouTube is testing pinch-to-zoom feature on Premium subscribers

Different devices already have their own ways to allow zooming on YouTube content. On the desktop, you have the option…

7 hours ago

Xbox is testing new Game Pass family plan preview to Ireland and Columbia Insiders

Xbox is now exploring a new way to allow its gamers to share their Xbox Game Pass membership with family…

7 hours ago

Google tests ‘New Google.com’ page with new widget cards

Recent reports show Google is testing a brand-new layout for its home Search page on desktop to a very limited…

7 hours ago

Microsoft releases PowerToys 0.61.1 with no new features

After releasing PowerToys 0.61.0 a few days ago, Microsoft releases PowerToys 0.61.1 to bring more fixes and improvements to improve…

22 hours ago

Microsoft releases Skype 8.86 with new reaction features and more

Microsoft has just released Skype 8.86 for all the supported platforms, adding some new features and bug fixes. Skype 8.86…

22 hours ago