Microsoft Fixes Follina Remote Code Execution Vulnerability

Microsoft Fixes Follina Remote Code Execution Vulnerability

As part of its Patch Tuesday upgrades, Microsoft has finally published remedies to address the actively exploited Windows zero-day vulnerability known as Follina. Three of the 55 faults are critical, 51 are important, and one is moderate in severity, all of which are remedied by the tech giant. Microsoft also fixed five other issues with its Edge browser.

Invoking the Windows Support Diagnostic Tool (MSDT) from an application like Word might result in a remote code execution vulnerability, which is tracked as CVE-2022-30190 (CVSS score: 7.8). In order to exploit the issue, a malicious HTML file can be downloaded and loaded into a Word document using Word’s remote template capability. In the end, the HTML file allows the attacker to run PowerShell code on the Windows operating system.

Read More:

It is possible for an attacker to execute arbitrary code with the caller application’s rights, as stated by Microsoft in an advisory. “In the context allowed by the user’s rights, the attacker can then install applications, read, alter, or remove data, or establish new accounts.” To exploit Follina, an attacker doesn’t need to deceive victims into enabling macros, eliminating the need for macros in order to launch the attack.

A number of malicious payloads, including AsyncRAT, QBot, and other information-stealing malware, have been deployed as a result of the issue’s disclosure late last month. Follina has been abused in the wild since at least April 12, 2022, according to the evidence. Additional remote code execution weaknesses in Windows Network File System, Windows Hyper-V, Windows Lightweight Directory Access Protocol, Microsoft Office, HEVC Video Extensions, and Azure RTOS GUIX Studio are also addressed in the cumulative security update.

CVE-2022-30147 (CVSS score: 7.8), an elevation of privilege vulnerability affecting Windows Installer, has been categorized by Microsoft as an “Exploitation More Likely” issue. According to Immersive Labs’ director of cyber threat research, Kev Breen, an attacker who gains initial access to a system can elevate that access to that of an administrator, allowing them to disable security mechanisms. Before encrypting the files, this enables access to more sensitive data in the case of a ransomware assault.

For the first time since January 2022, the Print Spooler component has not been updated in the latest set of patches. Also, Microsoft has announced that it would no longer be providing technical support for Internet Explorer 11 on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels starting on June 15, 2022.

Microsoft Shores Up DCOM Servers

CVE-2021-26414 was updated by Microsoft to begin the next round of its DCOM hardening procedure in Windows. During the first phase, which was completed in June 2021, Microsoft reinforced Windows clients with DCOM.

This month, Microsoft released an update to DCOM servers that makes them more secure. It is possible for administrators to reverse the modification via a registry key adjustment, however, this will not be available in the next phase of the project. Organizations using legacy software may encounter difficulties if they haven’t thoroughly tested the modifications and haven’t sought advice from their vendors.

For more information like this do visit

You might also like

Leave a Reply

Your email address will not be published. Required fields are marked *