Microsoft patches Follina vulnerability


By Dylan Bushell-Embling
Friday, 17 June, 2022

Microsoft’s latest Patch Tuesday releases have shone light on a number of new vulnerabilities, according to Ivanti Principal Product Manager Todd Schell.

In a blog post, Schell said Microsoft has this month fixed 33 vulnerabilities in Windows 10 and its associated servers, including the high-profile Follina vulnerability.

The vulnerability, which has been addressed with updates for Windows 7 through Windows 11, allows attackers to exploit the Microsoft Windows Support Diagnostic Tool (MSDT) to achieve remote code execution.

While the vulnerability has been under attack for several months, it has only now been addressed, Schell said.

“This vulnerability fix must have been a late addition this month, because although it shows up in the Vulnerabilities list of the Security Guide, it was not shown in the breakdown of CVEs for each patch,” he noted.

All told, the Patch Tuesday updates resolve 61 unique vulnerabilities, five of which were reissued from April and May.

“Only 3 of the new CVEs are rated as Critical. CVE-2022-30190, surprisingly rated as Important, is the only one reported to be known exploited and publicly disclosed this month,” Schell said.

“The most important of the three new Critical updates is for CVE-2022-30136, a network file system remote code execution vulnerability impacting Windows Server 2012, Server 2016, and Server 2019. It has a CVSS score of 9.8 due to its Network attack vector and Low complexity to exploit.”

Microsoft has meanwhile revealed that Internet Explorer has officially been discontinued and will no longer be supported in Teams, Office 365 and most versions of the Windows operating system, Schell said.

Microsoft is recommending that businesses relying on IE11 for critical business functionality instead use IE mode within the Edge browser, a feature scheduled to be supported until 2029.

Windows 10 1909 Enterprise and Education, 20H2 Professional and Windows Server 20H2 have also reached end of life and will no longer be supported, Schell said. The next round of Windows 10 EOLs is coming in December.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd