Microsoft fixes the Follina flaw

Microsoft fixes the Follina flaw

In its June 2022 Patch Tuesday, Microsoft finally corrects the Follina security flaw which affects all versions of Windows and which was already exploited. Install this update now to protect your PC!

This time, it’s done: Microsoft has finally found a solution to correct the famous 0-day Follina flaw that has been in the headlines for several weeks. The publisher has just released its traditional Patch Tuesday on June 14, 2022, this set of patches deployed on the second Tuesday of each month, which is mainly used to “fix” bugs and fill vulnerabilities in its various products – Windows, Office, etc. If it is always advisable to wait a little before installing it – the time to see if it does not pose more problems than it solves, which happens quite often, alas… –, it seems that times urgent to apply at least the update for Follina, as this flaw is already exploited. Certainly, Microsoft has found a parade to limit the damage, but ‘it was a temporary solution, not very elegant. From now on, the editor affirms it: the problem is solved.

For the record, Follina – officially referenced under the name CVE-2022-30190 – allows you to infect a PC via a corrupted Word document that retrieves an HTML file containing malicious code then executed by a PowerShell command line via the Windows support diagnostic tool. A clever process, all the more dangerous as disabling macros is not enough to guard against an attack. The flaw, which has already been exploited by hackers to target US and European government agencies, has thus been used to spread spyware (spyware), banking Trojans (to steal information) and malware capable of to delete data. Suffice to say that the matter was serious…

Patch Tuesday of June 2022: 55 security vulnerabilities fixed

But the patch deployed in the June 2022 Patch Tuesday for Windows fixes the problem. “Microsoft strongly recommends that users install updates to be fully protected against the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” the statement says. Redmond firm. Anyway, take a look in Windows Update without delay, to see in the history if the patch was applied automatically or if you have to do it manually. Note that in addition to Follina, this Patch Tuesday corrects more than 50 vulnerabilities, including the flaws referred to by the sweet names of CVE-2022-30136, CVE-2022-30163 and CVE-2022-30139.

ccn1