this Zero-day error in OfficeAppeared in May and known as follina, finally received an official fix. The solution is part of the update June Patch TuesdayPosted this Tuesday (14) by Microsoft for Windows 11 and previous versions of the operating system.
The vulnerability, which is considered to be of high severity, affects the Microsoft Diagnostic Tool (MSDT), which can be used by cybercriminals to execute malicious code remotely. According to those responsible for the discovery, simply opening a modified Word document will make the invasion easier.
Due to the ease of exploitation, different malware operating groups exploited the flaw, which is officially recorded as: CVE-2022-30190 Entering the systems of government agencies in the United States and countries in Europe and Asia. Reports from cybersecurity companies point to cyberattacks that have taken place since April.
in one of the activities Follina crash in Officemalicious actors exploiting the bug in phishing campaigns Qbot malwareis used for data theft. There are also reports of banking trojans and even ransomware spreading.
How to download hotfix?
According to Microsoft, Fix for Follina vulnerability available at: Windows Cumulative Updates June 2022. If your device is programmed to update automatically, you do not need to do anything as the system will download and install the build without any further action.
Otherwise, you will have to open the Windows Update tool in the “Settings” menu of the computer and manually check the availability of the update. Then download the file package and wait for the installation.
Proposing an alternative to mitigate the risks, the Redmond giant said, “Microsoft strongly recommends that customers install updates to fully protect against the vulnerability.” The update also includes fixes for dozens of other bugs, including three critical flaws that haven’t been exploited by cybercriminals until now.
Source: Tec Mundo