Microsoft has released a patch from Windows versions 7 and up, that fixes a critical security flaw called Follina, that let hackers take over systems using applications like Microsoft Word.
The Redmond technology giant has now patched the issue, and released a cumulative June 2022 update that addresses the flaw.
As spotted by Bleeping Computer, Microsoft has urged customers to install it and update their systems, "as soon as possible," stating that customers, "install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action."
This flaw has been actively exploited, and gives threat actors the ability to run malicious code, and take control of programs installed on the device. They can also create and delete Windows accounts.
Surprisingly as Vulnerability Analyst at CERT/CC, Will Dormann found out the patches are listed as released in May, despite it being only two days since they were put out. He also notes that that it still possible to make the machine vulnerable to the flaw using a registry hack.
Interestingly, if you have June's update installed, you can choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value. Presumably Microsoft has some customers where they need to be vulnerable to this? pic.twitter.com/PK5Wd9e7To— Will Dormann (@wdormann) June 15, 2022
It's highly recommended that you download and install this patch as soon as possible, this is a known and actively exploited flaw that has been used by Chinese hackers to infiltrate the Tibetan administration.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
