Microsoft’s June 2022 cumulative Windows Updates address Follina, a critical zero-day vulnerability tracked as CVE-2022-30190 that had been exploited for almost two weeks. CISA and various cyber security firms warned users about the vulnerability and stated that hacker groups began targeting it shortly after it was discovered. On the 30th of May, the software giant published a mitigation for the MSDT vulnerability. Shortly after Microsoft’s announcement, some cyber security companies released unofficial patches for the vulnerability.
Two weeks later
The Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw, which affects all Windows versions, allows attackers to execute PowerShell commands when MSDT is called from an application such as Word. The vulnerability allows attackers to install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. In the advisory, Microsoft said:
« The update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. »
Attackers were crafting files, such as Word documents, that call the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, including spyware and ransomware. Cyber security analysts stated that disabling macros in Word isn’t enough to stop the incoming attacks.
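
Because disabling macros does not stop the attack, detection has to key on process behaviour: an Office application ending up as an ancestor of MSDT. The following is an added example, not code from Microsoft's advisory or from the original article; it walks process ancestry in constructed process-creation events (Sysmon-style field names), and the Office process list beyond Word is an assumption.

```python
import ntpath

# Assumption: Office host processes to watch; the article names only Word.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT = "msdt.exe"

# Constructed sample events (not real telemetry); GUIDs shortened for readability.
SAMPLE_EVENTS = [
    {"ProcessGuid": "A1", "ParentProcessGuid": "00", "User": "CORP\\alice",
     "Image": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "A2", "ParentProcessGuid": "A1", "User": "CORP\\alice",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessGuid": "A3", "ParentProcessGuid": "A2", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\msdt.exe"},      # Word starts MSDT directly
    {"ProcessGuid": "B1", "ParentProcessGuid": "A1", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\msdt.exe"},      # user-launched troubleshooter
    {"ProcessGuid": "C1", "ParentProcessGuid": "A2", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessGuid": "C2", "ParentProcessGuid": "C1", "User": "CORP\\alice",
     "Image": r"C:\Windows\SysWOW64\msdt.exe"},      # MSDT as a grandchild of Word
]


def image_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def find_office_msdt_spawns(events, max_depth=8):
    """Return an alert for every msdt.exe that has an Office app as an ancestor."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts = []
    for ev in events:
        if image_name(ev.get("Image")) != MSDT:
            continue
        # Walk parent links; 'seen' and max_depth guard against loops in bad data.
        chain, seen, cur = [], set(), ev
        while cur and cur["ProcessGuid"] not in seen and len(chain) < max_depth:
            seen.add(cur["ProcessGuid"])
            chain.append(image_name(cur.get("Image")))
            cur = by_guid.get(cur.get("ParentProcessGuid"))
        hosts = [name for name in chain[1:] if name in OFFICE_HOSTS]
        if hosts:
            alerts.append({"guid": ev["ProcessGuid"], "user": ev.get("User"),
                           "host": hosts[0], "chain": " <- ".join(chain)})
    return alerts


if __name__ == "__main__":
    for alert in find_office_msdt_spawns(SAMPLE_EVENTS):
        print(alert)
```

The troubleshooter started from Explorer (`B1`) is not flagged, so the rule stays quiet for ordinary interactive use of MSDT.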