Skip to main content

Update Windows now to patch this critical Microsoft Word exploit

Microsoft has rolled out security updates as part of its June 2022 Windows updates to address a serious security bug that has targeted programs including Microsoft Word.

The Windows zero-day vulnerability is known as Follina (CVE-2022-30190) by security researchers and is “actively exploited in ongoing attacks,” according to Bleeping Computer.

Interestingly, if you have June's update installed, you can choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value.
Presumably Microsoft has some customers where they need to be vulnerable to this? 🤔 pic.twitter.com/PK5Wd9e7To

— Will Dormann (@wdormann) June 15, 2022

Microsoft recommends those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates set up, you won’t have to take any actions.

Researchers became aware of the security flaw in late May; however, Microsoft appeared to not closely address the situation, offering manual Command prompt workarounds for the issue rather than a software patch.

Vulnerability Analyst Will Dormann noted that the June update rolling out even seems to be misdated, as if it became available in May rather than now.

The first Follina attacks might have started as early as mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as baits,” Bleeping Computer added.

Security researcher CrazymanArmy of Shadow Chaser Group told the publication that Microsoft’s security team rejected his submission at that time as not a “security-related issue.”

The zero-day vulnerability is able to grant hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to the security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers are able to access computer back ends, granting them permission to install programs, create new user accounts, and manipulate data on a device.

The first documented Follina attack was traced to a Chinese TA413 hacking group, aimed at the Tibetan diaspora. Follow-up attacks were phishing scams aimed at U.S. and E.U. government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which is conducting phishing scams with Qbot malware, the publication added.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Windows 12: the top features we want to see in the rumored OS
A laptop running Windows 11.

Windows 12 might be in development at Microsoft, at least according to the latest rumors. A leak from Intel made mention of Windows 12, and with a new Windows Insider channel promising cutting-edge versions of the operating system, it seems Microsoft is eyeing the next major release.

Windows 11 is less than two years old, but reports say Microsoft could release Windows 12 as soon as 2024. Microsoft hasn't made any official announcements yet, but it's still not too early to get a wish list going. Here's what I want to see out of the next major version of Windows.
A set Windows 12 release date

Read more
Windows 11 vs. Windows 10: finally time to upgrade?
The screen of the Surface Pro 9.

Windows 11 is the newest version of Windows, and it's one of the best Windows versions released. At launch, the operating system was very similar to Windows 10, but it has morphed a lot over the past several years. Now, Windows 11 has several key differences compared to Windows 10.

If you've been holding out on upgrading, we have everything you need to know about Windows 11 and how it's different than Windows 10 in this article. We'll detail the differences, as well as show you the areas where Windows 11 is growing faster than Windows 10.
Windows 11 vs. Windows 10: what's new

Read more
I hope Microsoft adds this rumored AI feature to Windows 11
A Windows 11 device sits on a table.

From smart speakers to ChatGPT and Bing Chat, AI has slowly crept into our lives, but not all instances of AI are as prominent as those three examples. Sometimes, the effect is subtle, but still pretty nice. It appears that Microsoft is working on one such instance of AI-enhanced tech that could make using Windows 11 just a little more pleasant. We're talking about AI-powered live wallpapers, and they might be coming soon.

First spotted by Windows Latest, Microsoft is readying an AI-powered desktop that could make the whole user experience feel a lot more interactive. The idea is to adjust depth perception and make some backgrounds appear more "alive" when moving your cursor or the entire device. The wallpaper might move or shift, depending on what you're doing on the desktop.

Read more