Microsoft patches Follina, a Windows vulnerability that is exploited from Office

Microsoft has released a patch for the Follina vulnerability, which affects all versions of Windows and is closely related to the tools of the Microsoft Office suite, since it is exploited through them. The company has released the patch as part of its June Patch Tuesday package, which according to The Register includes security updates that fix 55 vulnerabilities in total.

Follina, whose existence the company acknowledged last month, is probably the most dangerous of them all. As explained in MuySeguridad, it allows cyberattackers to use a flaw that has been called CVE-2022-30190to use the remote code execution technique to gain access to a system in order to execute malicious code on it.

To do this, the attackers prepare a file to be opened by an Office application, such as Microsoft Word. The attackers then use an Office feature to retrieve an HTML file that makes a call to Windows Diagnostics and Support, which executes the malicious code. In many attacks that are carried out through Microsoft Word, it is enough to disable the macros so that they do not execute. But in this case, disabling macros in Word fails to prevent the attack.

Since last May, several cyberattackers, both individuals and groups, and even gangs supported by certain countries, have used Follina to threaten or compromise the networks and information of various organizations. Among them, several European and American government agencies. With their attacks they have used, among other things, the Qbot malware to steal data. They have also deleted information from the computers they have accessed, and installed banking Trojans. In short, they have caused quite serious damage to many organizations and entities.

As it could not be otherwise, Microsoft strongly recommends that Windows users install the package of patches and security updates that they have just released. In this way they will be able to eliminate not only Follina, but also other critical vulnerabilities that have not yet been exploited.

The most serious of these affects the Windows Network File System (NFS) and is called CVE-2022-30136. The company points out that it is possible that cyber attackers will be able to exploit it in time. It allows an attacker who has already accessed a network where the unprotected computers are located to make a prepared call without having to identify themselves to an NFS service to execute code remotely. It gives it a severity score of 9.8 out of 10.

The second critical vulnerability, located in the Windows Hyper-V hypervisor, is called CVE-2022-30163. Exploiting it is complicated, since for this you have to achieve a certain condition in an application. But if successful, it could be used to move from a virtual guest machine to the host, where attackers could do quite a bit of damage to the system. the third is CVE-2022-30139. It is in the Windows LDAP code, although by default, systems should not be exploitable, so it is not as dangerous as the previous ones.

Related Articles

Leave a Reply

Your email address will not be published.