• Home
  • Laptops
  • Laptops News
  • Microsoft Releases a Windows Update to Fix 'Follina' Vulnerability Actively Exploited by Hackers

Microsoft Releases a Windows Update to Fix 'Follina' Vulnerability Actively Exploited by Hackers

Shortly after the vulnerability became public, China-backed hackers were able to exploit it to target some Tibetan users.

Microsoft Releases a Windows Update to Fix 'Follina' Vulnerability Actively Exploited by Hackers

Photo Credit: Reuters

Microsoft has urged Windows users to install the update

Highlights
  • Microsoft has made the update for users on Windows 7 and later
  • Windows update fixes the issue impacting MSDT component
  • Microsoft was first made aware about the vulnerability in April

Microsoft has finally released a Windows security fix for the vulnerability that has actively been exploited by hackers. The issue, which was named "Follina" by security researchers, was publicly disclosed last month, though it was initially reported to the Redmond company in April. It enables attackers to hack Windows PCs using a maliciously crafted Microsoft Word document. The security update is available for users on Windows 7 and later. Microsoft has urged users to install the update "as soon as possible" to restrict attackers from gaining access to their systems.

Windows users should install the update by going to the Settings. The update has also been released for systems that are configured to receive automatic updates, Microsoft said in an update to its security advisory.

"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability," the company noted.

As reported last month, the security issue, which has been tracked as CVE-2022-30190, was disclosed on Twitter by Tokyo-based cybersecurity researcher team Nao_sec. It initially appeared to be impacting Microsoft Office, though Microsoft acknowledged that the flaw was related to Microsoft Diagnostic Tool (MSDT) that comes preloaded on Windows operating system.

Attackers would be able to exploit the vulnerability by executing PowerShell commands and eventually gain control of the MSDT.

Shortly after it became public, the severe vulnerability was found to be exploited by China-based hackers by using malicious Word documents to Tibetan users. When the documents are accessed, the attackers would be able to leverage the exploit to gain MSDT access and run tasks including installation of certain programs or creation of new user accounts.

As reported by Bleeping Computer, the latest update doesn't restrict Microsoft Office from loading Windows URI handlers without user interactions. It, however, limits attackers to get the control of MSDT by executing PowerShell commands.

The security update is available to all users who have a system running Windows 7 or later. Windows 10 versions have received it as KB5014699, while the update is available as KB5014697 on Windows 11 systems.


This week on Orbital, the Gadgets 360 podcast, we discuss the Surface Pro 8, Go 3, Duo 2, and Laptop Studio — as Microsoft sets a vision for Windows 11 hardware. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a principal correspondent for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Elista Smart LED TV Lineup Launched in India, Powered by webOS TV: Price, Specifications
OnePlus 10T New Renders Leak Online; Suggest Design Specifications, Colour Options
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.