Threat Advisory

Microsoft releases patch for zero-day vulnerability

July 16, 2022 | By Accorian

Microsoft has officially patched the zero-day vulnerability known as Follina in the latest Patch Tuesday updates. Along with this, Microsoft patched 55 other vulnerabilities, including 3 critical patches and others marked as Important. The 3 critical vulnerabilities can allow remote code execution attacks. The other patched vulnerabilities are Elevation of Privilege, Information Disclosure, Denial of Service, and Spoofing issues. The full list of patches is in the release note linked under Source below.

Microsoft disclosed the Follina vulnerability (CVE-2022-30190) on May 30 as being actively exploited. The vulnerability could allow malicious PowerShell commands to be executed via the Microsoft Diagnostic Tool (MSDT) when a Word document is opened. The exploit worked without requiring elevated privileges and even bypassed the need to enable macros. Additionally, this vulnerability bypassed all security protections, including Microsoft Office’s Protected View. Besides this, the security updates also resolved other remote code execution flaws like CVE-2022-30136 and CVE-2022-30163, as well as CVE-2022-30147, which was a privilege escalation vulnerability.
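While the patches are being rolled out, the Word-to-MSDT behaviour described above can be watched for in process-creation logs. The following is an added example, not part of Accorian's advisory or Microsoft's guidance: it flags events where msdt.exe was started by an Office application. The event field names (modelled on Sysmon process-creation events), the Office executables other than Word, and the sample events are assumptions constructed for illustration.

```python
import json
from ntpath import basename  # parses Windows paths on any platform

# Assumption: the advisory names Word; the other Office parents are added here.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r'''
{"UtcTime": "2022-06-01 09:14:02", "Computer": "WS-014", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"UtcTime": "2022-06-01 09:20:11", "Computer": "WS-014", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"UtcTime": "2022-06-01 10:02:45", "Computer": "WS-019", "Image": "C:\\Windows\\splwow64.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
this line is not JSON and must be skipped
{"UtcTime": "2022-06-01 11:40:57", "Computer": "WS-022", "Image": "C:\\WINDOWS\\SYSTEM32\\MSDT.EXE", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"UtcTime": "2022-06-01 11:41:03", "Computer": "WS-022", "Image": null}
'''


def find_msdt_from_office(lines):
    """Return (time, host, parent) for each msdt.exe start whose parent is an Office app."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed log line: skip rather than abort the scan
        if not isinstance(event, dict):
            continue
        # Compare on the lower-cased file name so path and case differences do not matter.
        image = basename(str(event.get("Image") or "")).lower()
        parent = basename(str(event.get("ParentImage") or "")).lower()
        if image == "msdt.exe" and parent in OFFICE_PARENTS:
            findings.append((event.get("UtcTime"), event.get("Computer"), parent))
    return findings


if __name__ == "__main__":
    for when, host, parent in find_msdt_from_office(SAMPLE_EVENTS.splitlines()):
        print(f"{when} {host}: msdt.exe started by {parent}")
```

The msdt.exe start from explorer.exe in the sample is left unflagged because a user launching a troubleshooter from the desktop is expected behaviour; only the Office parent is treated as suspicious here.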

Microsoft officially stated that it is ending support for Internet Explorer 11 starting June 15, 2022, on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels.

Accorian suggests that all system administrators push these necessary patches as soon as possible to eliminate any potential exploitation.

Source: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
