Microsoft patches Follina vulnerability


By Dylan Bushell-Embling
Friday, 17 June, 2022

Microsoft’s latest Patch Tuesday releases have shone light on a number of new vulnerabilities, according to Ivanti Principal Product Manager Todd Schell.

In a blog post, Schell said Microsoft has this month fixed 33 vulnerabilities in Windows 10 and its associated servers, including the high-profile Follina vulnerability.

The vulnerability, which has been addressed with updates for Windows 7 through Windows 11, allows attackers to exploit the Microsoft Windows Support Diagnostic Tool (MSDT) to achieve remote code execution.

While the vulnerability has been under attack for several months, it has only now been addressed, Schell said.

“This vulnerability fix must have been a late addition this month, because although it shows up in the Vulnerabilities list of the Security Guide, it was not shown in the breakdown of CVEs for each patch,” he noted.

All told, the Patch Tuesday updates resolve 61 unique vulnerabilities, five of which were reissued from April and May.

“Only 3 of the new CVEs are rated as Critical. CVE-2022-30190, surprisingly rated as Important, is the only one reported to be known exploited and publicly disclosed this month,” Schell said.

“The most important of the three new Critical updates is for CVE-2022-30136, a network file system remote code execution vulnerability impacting Windows Server 2012, Server 2016, and Server 2019. It has a CVSS score of 9.8 due to its Network attack vector and Low complexity to exploit.”

Microsoft has meanwhile revealed that Internet Explorer has officially been discontinued and will no longer be supported in Teams, Office 365 and most versions of the Windows operating system, Schell said.

Microsoft is recommending that businesses relying on IE11 for critical business functionality instead use IE mode within the Edge browser, which is scheduled to be supported until 2029.

Windows 10 1909 Enterprise and Education, 20H2 Professional and Windows Server 20H2 have also reached end of life and will no longer be supported, Schell said. The next round of Windows 10 EOLs is coming in December.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd