Microsoft has patched a Windows vulnerability that hackers actively exploit. If you own a system that uses Windows 7 and above, you’ll want to update your computer as soon as possible (through beeping computer†
The security flaw, dubbed Follina (CVE-2022-30190) by researchers, allows malicious parties to hijack users’ computers through programs such as Microsoft Word. Security researchers are aware of the threat since late May, but Microsoft reportedly rejected their initial findings.
In an attack documented by security firm Proofpoint, hackers with ties to the Chinese government sent malicious Word documents to Tibetan recipients. When opened, these documents use the Follina exploit to take control of the Microsoft Support Diagnostic Tool (MSDT) to run commands that can be used to install programs, create new user accounts, and save data stored on them. stored on a computer, open, delete or modify it. the exploit has also been used in phishing campaigns aimed at US and European government agencies.
Original warning from Microsoft about the threat provided workarounds to protect you from the threat, but this update (KB5014699 for Windows 10 and KB5014697 for Windows 11) should make that redundant. “Microsoft strongly recommends that customers install the updates to be fully protected against the vulnerability,” said Microsoft. “Customers whose systems are configured to receive automatic updates do not need to take any further action.”