Skip to main content
  1. Home
  2. Computing
  3. News

Update Windows now to patch this critical Microsoft Word exploit

By

Microsoft has rolled out security updates as part of its June 2022 Windows updates to address a serious security bug that has targeted programs including Microsoft Word.

The Windows zero-day vulnerability is known as Follina (CVE-2022-30190) by security researchers and is “actively exploited in ongoing attacks,” according to Bleeping Computer.

Recommended Videos

https://twitter.com/wdormann/status/1537075968568877057?s=20&t=kiqSGqhiv31Vo6kLKFdLlg

Related

Microsoft recommends those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates set up, you won’t have to take any actions.

Researchers became aware of the security flaw in late May; however, Microsoft appeared to not closely address the situation, offering manual Command prompt workarounds for the issue rather than a software patch.

Vulnerability Analyst Will Dormann noted that the June update rolling out even seems to be misdated, as if it became available in May rather than now.

The first Follina attacks might have started as early as mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as baits,” Bleeping Computer added.

Security researcher CrazymanArmy of Shadow Chaser Group told the publication that Microsoft’s security team rejected his submission at that time as not a “security-related issue.”

The zero-day vulnerability is able to grant hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to the security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers are able to access computer back ends, granting them permission to install programs, create new user accounts, and manipulate data on a device.

The first documented Follina attack was traced to a Chinese TA413 hacking group, aimed at the Tibetan diaspora. Follow-up attacks were phishing scams aimed at U.S. and E.U. government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which is conducting phishing scams with Qbot malware, the publication added.

Editors’ Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Microsoft is forced to halt the Windows 11 24H2 update on some PCs
The Surface Pro 11 on a white table in front of a window.

Microsoft’s recent Windows 11 24H2 update is off to a bumpy start. According to a report by Bleeping Computer, users are facing compatibility issues across various hardware and software configurations, prompting the company to temporarily block the update for some devices.

The affected systems include specific Asus laptop models and configurations involving software like Voicemeeter, Safe Exam Browser, and older versions of Easy Anti-Cheat, commonly used in gaming.

Read more
Windows 11 24H2 may crash your PC if you have a certain SSD
The blue screen of death in Windows.

Microsoft's Windows 11 2024 Update, more commonly referred to as 24H2, is here, but it's not without issues. Reports from disgruntled users have flooded various forums, talking about constant blue screens of death (BSOD) that have appeared since they updated to the latest version of Windows. Although Microsoft has yet to officially acknowledge the problem, the users seem to have pinpointed the cause of it, and even found a workaround.

So far, it looks like these crashes are fairly limited in scope, as they seem to happen if you have one of a few Western Digital SSD models. Other SSD vendors appear unaffected so far. As reported on the WD Community Forums, users are getting BSODs with the error "critical process has died" ever since they updated to the 24H2 update.

Read more
Microsoft ends support for this four-year-old Surface device
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

Microsoft has officially ended support for the cheapest device in the Surface lineup, the Surface Laptop Go, after just four years. It can still be upgraded to Windows 11 24H2 and the laptop will still receive security updates, but it won't get any new firmware or driver updates.

The first-generation Surface Laptop Go isn't just an inexpensive laptop -- it's an extremely inexpensive laptop. In 2020, it launched for just $550, a price tag made possible by its limited RAM and storage, alongside a pretty low-resolution screen.

Read more