Security Experts:

Connect with us

Hi, what are you looking for?



Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability

Microsoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190.

Microsoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190.

The Follina vulnerability can and has been exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May.

The first attacks leveraging Follina seem to have been launched in April, but exploitation attempts have increased following its disclosure. 

A Chinese threat actor has been using it in attacks aimed at the Tibetan community and cybercriminals have been leveraging it to deliver Qbot, AsyncRAT and other malware.

While an official patch has only now been released, Microsoft made available workarounds and mitigations shortly after its disclosure.

The security hole is related to the Microsoft Support Diagnostic Tool (MSDT) and it impacts Windows 7, Windows 8.1, Windows 10, Windows 11, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Researchers have confirmed that exploitation works against most versions of Office.

“The update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft said in its advisory.

Microsoft’s latest Patch Tuesday updates address vulnerabilities in Windows, Office, Azure, Endpoint Configuration Manager, Visual Studio, SQL Server, and Microsoft Photos. The addressed security holes can be exploited for remote code execution, privilege escalation, information disclosure and DoS attacks.

Three advisories have a “critical” severity rating: CVE-2022-30136 (Windows NFS remote code execution), CVE-2022-30163 (Windows Hyper-V remote code execution), and CVE-2022-30139 (Windows LDAP remote code execution).

No vulnerabilities were publicly disclosed before patches were made available. In addition, a vast majority of the advisories have an “exploitation less likely” or “exploitation unlikely” exploitability rating. Only a few Windows flaws have an “exploitation more likely” rating: CVE-2022-30160, CVE-2022-30136 and CVE-2022-30147.

Microsoft has also informed users about several local information disclosure vulnerabilities patched by Intel in its processors. The flaws, rated “medium severity,” require firmware updates and a corresponding Windows update that enables a mitigation.

Trend Micro’s Zero Day Initiative (ZDI) has released a high-level analysis of this month’s patches.

It’s also worth noting that support for Internet Explorer 11 will end tomorrow, on June 15, 2022. Users have been advised to switch to the Edge web browser.

Adobe’s Patch Tuesday updates address 46 vulnerabilities affecting the software giant’s Animate, Bridge, Illustrator, InCopy, RoboHelp and InDesign products.

Related: Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited

Related: Microsoft Patches 128 Windows Flaws, New Zero-Day Reported by NSA

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.