Monday, July 4

Microsoft releases security patch for serious Word bug | Digital Trends Spanish

Microsoft has rolled out security updates as part of its June 2022 Windows Updates to address a serious security bug that has been used to target programs such as Microsoft Word.

The Windows zero-day vulnerability is known to security researchers as Follina (CVE-2022-30190) and is “actively exploited in ongoing attacks,” according to BleepingComputer.

Interestingly, if you have June’s update installed, you can choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value.
Presumably Microsoft has some customers where they need to be vulnerable to this? 🤔

— Will Dormann (@wdormann) June 15, 2022

Microsoft recommends that those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates configured, you do not need to take any action.

Researchers became aware of the security flaw in late May; however, Microsoft did not appear to address the situation closely, offering manual command-prompt workarounds instead of a software patch.

Vulnerability analyst Will Dormann noted that the June update even appears to be misdated, as if it were available in May instead of now.

Follina’s first attacks could have started in mid-April, “with threats of sextortion and invitations to Sputnik Radio interviews as baits,” BleepingComputer added.

Security researcher CrazymanArmy of the Shadow Chaser Group told the publication that the Microsoft security team rejected his submission at the time as not being a “security-related issue.”

The zero-day vulnerability is capable of giving hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers can access the computer’s back end, which gives them permission to install programs, create new user accounts, and manipulate data on a device.

Follina’s first documented attack is attributed to TA413, a Chinese hacking group, and targeted the Tibetan diaspora. The follow-up attacks were phishing scams targeting US and EU government agencies. The most recent attacks are connected to the Qbot affiliate TA570, which is running phishing scams with Qbot malware, the post added.
