Microsoft patches Follina vulnerability


By Dylan Bushell-Embling
Friday, 17 June, 2022

Microsoft patches Follina vulnerability

Microsoft’s latest Patch Tuesday releases have shone light on a number of new vulnerabilities, according to Ivanti Principal Product Manager Todd Schell.

In a blog post, Schell said Microsoft has this month fixed 33 vulnerabilities with Windows 10 and its associated servers, including the high-profile Follina vulnerability.

The vulnerability, which has been addressed with updates from Windows 7 through Windows 11, allows attackers to exploit the Microsoft Windows Support Diagnostic Tool (MSDT), which allows for remote code execution.

While the vulnerability has been under attack for several months, it has only now been addressed, Schell said.

“This vulnerability fix must have been a late addition this month, because although it shows up in the Vulnerabilities list of the Security Guide, it was not shown in the breakdown of CVEs for each patch,” he noted.

All told, the Patch Tuesday updates resolve 61 unique vulnerabilities, five of which were reissued from April and May.

“Only 3 of the new CVEs are rated as Critical. CVE-2022-30190, surprisingly rated as Important, is the only one reported known to be known exploited and publicly disclosed this month,” Schell said.

“The most important of the three new Critical updates is for CVE-2022-30136, a network file system remote code execution vulnerability impacting Windows Server 2012, Server 2016, and Server 2019. It has a CVSS score of 9.8 due to its Network attack vector and Low complexity to exploit.”

Microsoft has meanwhile revealed that Internet Explorer has officially been discontinued and will no longer be supported in Teams, Office 365 and most versions of the Windows operating system, Schell said.

Microsoft is recommending that business relying on IE11 for critical business functionality instead use IE mode within the Edge browser, a functionality scheduled to be supported until 2029.

Windows 10 1909 Enterprise and Education, 20H2 Professional and Windows Server 20H2 have also reached end of life and will no longer be supported, Schell said. The next round of Windows 10 EOLs is coming in December.

Image credit: ©stock.adobe.com/au/momius

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd