Microsoft Fixed Follina Vulnerability and 55 Other Bugs

As part of the June Patch Tuesday, Microsoft finally fixed the critical Follina vulnerability in Windows MSDT, along with 55 more bugs in its products.

As a reminder, Follina (CVE-2022-30190) is a remote code execution issue in the Microsoft Windows Support Diagnostic Tool (MSDT) and affects all versions of Windows that receive security updates (that is, Windows 7 and above and Server 2008 and above). For several weeks now, the vulnerability has been under active attack by hackers.

Recall that we also wrote that, for example, the Qbot Trojan took advantage of the famous Follina vulnerability.

Attackers could use the 0-day to execute arbitrary code with the privileges of the calling application, using the bug to install programs, view, modify or delete data, and create new Windows accounts (depending on the rights of the compromised user).

The vulnerability could be exploited to execute arbitrary code by running malicious PowerShell commands through MSDT when a Word document is opened normally or previewed in File Explorer, security experts warned back in May.

And while recent updates won’t prevent Microsoft Office from automatically loading URI handlers without user interaction, they do block PowerShell injections, shutting down this attack vector.

In addition to the long-awaited patch for Follina, Microsoft developers have released fixes for another 55 vulnerabilities, three of which were classified as “critical” because they allow remote execution of arbitrary code: CVE-2022-30136 (RCE in Windows NFS), CVE-2022-30163 (RCE in Windows Hyper-V) and CVE-2022-30139 (RCE in Windows LDAP). Five more bugs have been fixed separately in the Microsoft Edge browser.

It is worth noting that the most serious of the three critical vulnerabilities (CVE-2022-30136) received a score of 9.8 out of a possible 10 on the CVSS scale. The issue affects the Windows Network File System (NFS). Microsoft says that exploitation of this bug is “likely”, and explains that it can happen if an attacker who has already infiltrated the victim’s network makes an unauthenticated, specially crafted call to the NFS service to achieve remote code execution.

By Vladimir Krasnogolovy
