Microsoft patches Follina vulnerability


By Dylan Bushell-Embling
Friday, 17 June, 2022

Microsoft’s latest Patch Tuesday releases have shone light on a number of new vulnerabilities, according to Ivanti Principal Product Manager Todd Schell.

In a blog post, Schell said Microsoft has this month fixed 33 vulnerabilities in Windows 10 and its associated servers, including the high-profile Follina vulnerability.

The vulnerability, which has been addressed with updates from Windows 7 through Windows 11, lets attackers exploit the Microsoft Windows Support Diagnostic Tool (MSDT) to achieve remote code execution.

While the vulnerability has been under attack for several months, it has only now been addressed, Schell said.

“This vulnerability fix must have been a late addition this month, because although it shows up in the Vulnerabilities list of the Security Guide, it was not shown in the breakdown of CVEs for each patch,” he noted.

All told, the Patch Tuesday updates resolve 61 unique vulnerabilities, five of which were reissued from April and May.

“Only 3 of the new CVEs are rated as Critical. CVE-2022-30190, surprisingly rated as Important, is the only one reported to be known exploited and publicly disclosed this month,” Schell said.

“The most important of the three new Critical updates is for CVE-2022-30136, a network file system remote code execution vulnerability impacting Windows Server 2012, Server 2016, and Server 2019. It has a CVSS score of 9.8 due to its Network attack vector and Low complexity to exploit.”

Microsoft has meanwhile revealed that Internet Explorer has officially been discontinued and will no longer be supported in Teams, Office 365 and most versions of the Windows operating system, Schell said.

Microsoft is recommending that businesses relying on IE11 for critical business functionality instead use IE mode within the Edge browser, a functionality scheduled to be supported until 2029.

Windows 10 1909 Enterprise and Education, 20H2 Professional and Windows Server 20H2 have also reached end of life and will no longer be supported, Schell said. The next round of Windows 10 EOLs is coming in December.
