Follina fixed in Microsoft Patch Tuesday update
54 other vulnerabilities, three Critical, also patched in Microsoft's June update
Microsoft's latest monthly batch of patches includes a fix for Follina, the zero-day remote code execution flaw tracked as CVE-2022-30190 that was discovered in May, and which has apparently been exploited by state-backed threat actors.
The patch for Follina is available as part of the June 2022 cumulative updates and as a standalone security update for Windows Server.
Follina is a flaw that allows attackers to execute arbitrary code via the Microsoft Support Diagnostic Tool (MSDT) via an infected Word document. The vulnerability can be exploited even if macros are disabled.
There have been several reports of threat actors exploiting the Follina flaw, including a group delivering the QBot banking malware and a suspected Chinese threat group targeting Tibetan activists.
Threat groups have also been observed deploying the remote access Trojan AsyncRAT, and Russian state-sponsored group Sandworm is suspected of sending tainted attachments to Ukrainian media organisations.
In total, Microsoft has provided updates to patch 55 vulnerabilities, with three classified as Critical.
One, of these is a Windows Hyper-V Remote Code Execution Vulnerability (tracked as CVE-2022-30163), which could allow an attacker to run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. Another (CVE-2022-30139) is a hard-to-exploit but nevertheless serious Windows LDAP remote code execution (RCE) flaw; and the third Critical vulnerability fixed is CVE-2022-30136, a Windows Network File System RCE.
The other vulnerabilities are classified as Important.