Act Now to Fix Under Attack Microsoft Windows 0-Day Hack

Just a week ago, I warned that a 0-day hack, allowing an attacker to execute code remotely on most versions of Microsoft Windows and Windows Server, was already being exploited in the wild. The attacks used malicious Microsoft Office documents, but not with the usual macro-based methodology. Instead, Follina, as CVE-2022-30190 quickly became known, used vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT) and could even run without needing to open the document in certain operating scenarios.

Since no emergency, out-of-band patch was forthcoming, it was hoped that the June Patch Tuesday security update would include Follina. However, with Patch Tuesday rolling out yesterday, there was no mention of CVE-2022-30190 in the documented patches. At first, this seemed to suggest that Microsoft (which still hasn’t responded to my request for a statement regarding Follina, by the way) was using the “it’s a feature, not a bug” defense. However, while CVE-2022-30190 is conspicuously absent, it appears that was not the case.

The Microsoft Security Update Guide entry for CVE-2022-30190 has been changed to read: “A full vendor solution is available. Either the vendor has released an official patch or an upgrade is available.” Scrolling down to the FAQ section, the confirmation is complete with this answer to the question of whether an update is available: “Yes, updates are available. Microsoft recommends installing updates of June as soon as possible.”

“Microsoft today released a patch for an existing vulnerability in Microsoft Office using the Microsoft Support Diagnostic Tool. Malicious code, operating stealthily in preview mode, triggers the exploit in preview mode. The user does not have to open the document directly to activate the malware,” confirmed Ken Smiley, director of special projects at Tanium. “It is imperative that companies immediately remediate and mitigate this emerging threat across their entire enterprise environment,” Smiley concluded.

You know what to do: install the June 2022 Patch Tuesday updates now.
