Skip to main content

Update Windows now to patch this critical Microsoft Word exploit

Microsoft has rolled out security updates as part of its June 2022 Windows updates to address a serious security bug that has targeted programs including Microsoft Word.

The Windows zero-day vulnerability is known as Follina (CVE-2022-30190) by security researchers and is “actively exploited in ongoing attacks,” according to Bleeping Computer.

Interestingly, if you have June's update installed, you can choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value.
Presumably Microsoft has some customers where they need to be vulnerable to this? 🤔

— Will Dormann (@wdormann) June 15, 2022

Microsoft recommends those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates set up, you won’t have to take any actions.

Researchers became aware of the security flaw in late May; however, Microsoft appeared to not closely address the situation, offering manual Command prompt workarounds for the issue rather than a software patch.

Vulnerability Analyst Will Dormann noted that the June update rolling out even seems to be misdated, as if it became available in May rather than now.

The first Follina attacks might have started as early as mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as baits,” Bleeping Computer added.

Security researcher CrazymanArmy of Shadow Chaser Group told the publication that Microsoft’s security team rejected his submission at that time as not a “security-related issue.”

The zero-day vulnerability is able to grant hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to the security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers are able to access computer back ends, granting them permission to install programs, create new user accounts, and manipulate data on a device.

The first documented Follina attack was traced to a Chinese TA413 hacking group, aimed at the Tibetan diaspora. Follow-up attacks were phishing scams aimed at U.S. and E.U. government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which is conducting phishing scams with Qbot malware, the publication added.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Windows 11 may bring Live Tiles back from the dead — sort of
windows 8 1 everything you need to know live tiles

The latest Windows 11 Canary build 26212 has quietly introduced support for what is being called "Start Menu Companions." These are small widget-like apps designed to appear alongside your pinned apps or the "All apps" list in the Start Menu.

By the looks of it, these companions would offer at-a-glance information such as weather updates, stock prices, and more. And yes, they share a lot in common with the now-defunct Live Tiles feature from previous versions of Windows. They lack the bright colors and blocky shapes, but they would function in a very similar way.

Read more
Scores of people are downgrading back to Windows 10
The screen of the Galaxy Book4 Ultra.

Microsoft continues to struggle with the adoption of Windows 11 among its users. Recent data from Statcounter reveals a notable decline in the operating system’s market share, specifically compared with Windows 10.

After reaching an all-time high of 28.16% in February 2024, Windows 11 has experienced a drop, falling below the 26% mark.

Read more
The latest Windows update is breaking VPN connections
Windows Update running on a laptop.

Microsoft has acknowledged that the Windows security updates for April 2024 (KB5036893 for Windows 11, KB5036892 for Windows 10) are causing disruptions to virtual private network (VPN) connections across various client and server platforms. According to information on the Windows health dashboard, devices running Windows may experience VPN connection failures following the installation of either the April 2024 security update or the April 2024 non-security preview update.

The company has also stated that it is actively investigating user reports regarding these issues and will share more details in the coming days. The impacted Windows versions include Windows 11, Windows 10, and Windows Server 2008 onward.

Read more