Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability

Microsoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and tracked as CVE-2022-30190.

The Follina vulnerability can be, and has been, exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May.

The first attacks leveraging Follina seem to have been launched in April, but exploitation attempts have increased following its disclosure. 

A Chinese threat actor has been using it in attacks aimed at the Tibetan community and cybercriminals have been leveraging it to deliver Qbot, AsyncRAT and other malware.

While an official patch has only now been released, Microsoft made available workarounds and mitigations shortly after its disclosure.

The security hole is related to the Microsoft Support Diagnostic Tool (MSDT) and it impacts Windows 7, Windows 8.1, Windows 10, Windows 11, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Researchers have confirmed that exploitation works against most versions of Office.

“The update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft said in its advisory.

Microsoft’s latest Patch Tuesday updates address vulnerabilities in Windows, Office, Azure, Endpoint Configuration Manager, Visual Studio, SQL Server, and Microsoft Photos. The addressed security holes can be exploited for remote code execution, privilege escalation, information disclosure and DoS attacks.

Three advisories have a “critical” severity rating: CVE-2022-30136 (Windows NFS remote code execution), CVE-2022-30163 (Windows Hyper-V remote code execution), and CVE-2022-30139 (Windows LDAP remote code execution).

No vulnerabilities were publicly disclosed before patches were made available. In addition, a vast majority of the advisories have an “exploitation less likely” or “exploitation unlikely” exploitability rating. Only a few Windows flaws have an “exploitation more likely” rating: CVE-2022-30160, CVE-2022-30136 and CVE-2022-30147.

Microsoft has also informed users about several local information disclosure vulnerabilities patched by Intel in its processors. The flaws, rated “medium severity,” require firmware updates and a corresponding Windows update that enables a mitigation.

Trend Micro’s Zero Day Initiative (ZDI) has released a high-level analysis of this month’s patches.

It’s also worth noting that support for Internet Explorer 11 will end tomorrow, on June 15, 2022. Users have been advised to switch to the Edge web browser.

Adobe’s Patch Tuesday updates address 46 vulnerabilities affecting the software giant’s Animate, Bridge, Illustrator, InCopy, RoboHelp and InDesign products.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
