Threat Advisory

Microsoft released patch of zero-day vulnerability

July 16, 2022 | By Accorian

Microsoft officially patches the zero-day vulnerability known as Follina in the latest Patch Tuesday updates. Along with this, Microsoft also patched 55 other vulnerabilities including 3 critical patches and others marked as Important. The 3 critical vulnerabilities can allow remote code execution attacks. Other vulnerabilities which were patched are Elevation of Privilege, Information Disclosure, Denial of Service, and spoofing issues. You can find the full list of the patches over here.

Microsoft disclosed the Follina vulnerability (CVE-2022-30190) on May 30 as being actively exploited. The vulnerability could potentially execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a word document. The exploit worked without requiring elevated privileges and even bypasses the need to enable macros. Additionally, this vulnerability bypassed all security protections, including Microsoft Office’s Protected View. Besides this, the security updates also resolved other remote code execution flaws like CVE-2022-30136, CVE-2022-30163, and CVE-2022-30147, which was a privilege escalation vulnerability. 

Microsoft officially stated that it is ending the support for Internet Explorer 11 starting June 15, 2022, on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels.

 Accorian suggests all system administrators push these necessary patches as soon as possible to eliminate any potential exploitation. 

Recent Post

    Ready to Start?

    Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

    © 2023 Accorian. All Rights Reserved.

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to

        Interested Position
        First Name
        Last Name
        Total Experience
        Mobile Number
        Upload Resume