Microsoft patches Follina vulnerability


By Dylan Bushell-Embling
Friday, 17 June, 2022


Microsoft’s latest Patch Tuesday releases have shone light on a number of new vulnerabilities, according to Ivanti Principal Product Manager Todd Schell.

In a blog post, Schell said Microsoft has this month fixed 33 vulnerabilities with Windows 10 and its associated servers, including the high-profile Follina vulnerability.

The vulnerability, which has been addressed with updates from Windows 7 through Windows 11, lets attackers exploit the Microsoft Windows Support Diagnostic Tool (MSDT) to achieve remote code execution.

While the vulnerability has been under attack for several months, it has only now been addressed, Schell said.

“This vulnerability fix must have been a late addition this month, because although it shows up in the Vulnerabilities list of the Security Guide, it was not shown in the breakdown of CVEs for each patch,” he noted.

All told, the Patch Tuesday updates resolve 61 unique vulnerabilities, five of which were reissued from April and May.

“Only 3 of the new CVEs are rated as Critical. CVE-2022-30190, surprisingly rated as Important, is the only one reported to be known exploited and publicly disclosed this month,” Schell said.

“The most important of the three new Critical updates is for CVE-2022-30136, a network file system remote code execution vulnerability impacting Windows Server 2012, Server 2016, and Server 2019. It has a CVSS score of 9.8 due to its Network attack vector and Low complexity to exploit.”

Microsoft has meanwhile revealed that Internet Explorer has officially been discontinued and will no longer be supported in Teams, Office 365 and most versions of the Windows operating system, Schell said.

Microsoft is recommending that businesses relying on IE11 for critical business functionality instead use IE mode within the Edge browser, a functionality scheduled to be supported until 2029.

Windows 10 1909 Enterprise and Education, 20H2 Professional and Windows Server 20H2 have also reached end of life and will no longer be supported, Schell said. The next round of Windows 10 EOLs is coming in December.
