Microsoft Releases a Fix for the Actively Exploited ‘Follina’ Vulnerability on Patch Tuesday

As part of its Patch Tuesday updates, Microsoft officially released fixes for a widely exploited Windows zero-day vulnerability known as Follina.
The tech giant also fixed 55 other flaws, of which three are rated Critical, 51 are rated Important, and one is rated Moderate. Five other flaws in the Microsoft Edge browser were fixed separately.
The zero-day flaw is identified as CVE-2022-30190 (CVSS score: 7.8) and affects the Windows Support Diagnostic Tool (MSDT) when it is invoked using the “ms-msdt:” URI protocol scheme from an application like Word.
A specially crafted Word document that uses Word’s remote template functionality to download and load a malicious HTML file can easily exploit the issue. That HTML file in turn lets the attacker load and run PowerShell code within Windows.
In a security alert, Microsoft stated, “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the caller program.” “In the context allowed by the user’s rights, the attacker can then install applications, read, alter, or remove data, or establish new accounts.”
Follina is unique in that it does not require the use of macros to exploit the issue, eliminating the necessity for an adversary to dupe users into enabling macros in order to launch the attack.
Since the flaw was made public late last month, it has been widely exploited by various threat actors to drop a range of payloads, including AsyncRAT, QBot, and other data stealers. Evidence indicates that Follina has been abused in the wild since at least April 12, 2022.
The cumulative security update fixes several remote code execution flaws in Windows Network File System (CVE-2022-30136), Windows Hyper-V (CVE-2022-30163), Windows Lightweight Directory Access Protocol, Microsoft Office, HEVC Video Extensions, and Azure RTOS GUIX Studio, in addition to CVE-2022-30190.
CVE-2022-30147 (CVSS score: 7.8), an elevation of privilege vulnerability affecting Windows Installer that has been tagged by Microsoft as “Exploitation More Likely,” is another security flaw worth noting.
“Once an attacker has achieved initial access, they can elevate that access to that of an administrator, allowing them to disable security tools,” said Kev Breen, head of cyber threat research at Immersive Labs. “In the case of a ransomware assault, this allows attackers to get access to more sensitive data before encrypting files.”
For the first time since January 2022, the newest batch of patches does not include any updates to the Print Spooler component. They also come as Microsoft announced that support for Internet Explorer 11 on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels will end on June 15, 2022.
Other Vendors’ Software Patches
Since the beginning of the month, other vendors besides Microsoft have also released security updates to address a number of vulnerabilities, including:
- Apache Projects
- Atlassian Confluence Server and Data Center
- Google Chrome
- Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
- Mozilla Firefox, Firefox ESR, and Thunderbird
- Schneider Electric
- Siemens, and