Microsoft has released security updates as part of its June 2022 Windows updates to address a major security bug that has been exploited through programs including Microsoft Word.
The Windows zero-day vulnerability is known to security researchers as Follina (CVE-2022-30190) and is “actively exploited in ongoing attacks”, according to BleepingComputer.
Interestingly, if you have the June update installed, you may choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value.
Supposedly Microsoft has some customers where they need to be vulnerable to this? pic.twitter.com/PK5Wd9e7To
– Will Dormann (@wdormann) June 15, 2022
Microsoft recommends that those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates enabled, you will not have to take any action.
Researchers became aware of the security flaw in late May; however, Microsoft did not appear to treat the situation as urgent, offering manual Command Prompt workarounds for the issue rather than a software patch.
Vulnerability analyst Will Dormann noted that the June update rollout even appears to be backdated, as if it had been available in May rather than now.
The first Follina attacks may have started in mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as bait”, BleepingComputer added.
Shadow Chaser Group security researcher CrazymanArmy told the publication that Microsoft’s security team had rejected his submission at the time as not a “security issue”.
The zero-day vulnerability can give attackers access to the Microsoft Support Diagnostic Tool (MSDT), according to security firm Proofpoint. This tool is often associated with Microsoft Office and Microsoft Word. From there, attackers can access computer back-ends, giving them permission to install programs, create new user accounts, and manipulate data on a device.
The first documented Follina attack was traced to the Chinese TA413 hacking group targeting the Tibetan diaspora. Subsequent attacks were phishing campaigns aimed at US and EU government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which conducts phishing campaigns with Qbot malware, the publication added.