Skip to main content
  1. Home
  2. Computing
  3. News

Update Windows now to patch this critical Microsoft Word exploit

By

Microsoft has rolled out security updates as part of its June 2022 Windows updates to address a serious security bug that has targeted programs including Microsoft Word.

The Windows zero-day vulnerability is known as Follina (CVE-2022-30190) by security researchers and is “actively exploited in ongoing attacks,” according to Bleeping Computer.

Recommended Videos

https://twitter.com/wdormann/status/1537075968568877057?s=20&t=kiqSGqhiv31Vo6kLKFdLlg

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

Microsoft recommends those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates set up, you won’t have to take any actions.

Researchers became aware of the security flaw in late May; however, Microsoft appeared to not closely address the situation, offering manual Command prompt workarounds for the issue rather than a software patch.

Vulnerability Analyst Will Dormann noted that the June update rolling out even seems to be misdated, as if it became available in May rather than now.

The first Follina attacks might have started as early as mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as baits,” Bleeping Computer added.

Security researcher CrazymanArmy of Shadow Chaser Group told the publication that Microsoft’s security team rejected his submission at that time as not a “security-related issue.”

The zero-day vulnerability is able to grant hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to the security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers are able to access computer back ends, granting them permission to install programs, create new user accounts, and manipulate data on a device.

The first documented Follina attack was traced to a Chinese TA413 hacking group, aimed at the Tibetan diaspora. Follow-up attacks were phishing scams aimed at U.S. and E.U. government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which is conducting phishing scams with Qbot malware, the publication added.

Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Topics

Editors’ Recommendations

Windows 11 is getting a lot of new features, here’s how to check if your PC qualifies
Copilot+ PC laptop.

In a Windows Insider blog post, Microsoft announces some exciting new features coming to Windows 11, including Reading Coach integration, improved Voice Access, and AI-enhanced Search. These upgrades are part of preview build 26120.3872 in the Beta channel. However, some upcoming features will only be available on Copilot+ PCs, a new category of AI-powered devices that run on Snapdragon (ARM-based) chips.

Beyond the features highlighted in this preview, more Copilot+ features are already on the horizon. For example, Microsoft recently confirmed that Recall, which raised privacy concerns, is coming to Windows 11 in build 26100.3902 (KB5055627), now available in the Release Preview Channel. That means it's just one step away from general release and likely to arrive soon on eligible Copilot+ devices.

Read more
Microsoft’s Copilot Vision AI is now free to use in Edge
Copilot Vision graphic.

After months of teasers, previews, and select rollouts, Microsoft's Copilot Vision is now available to try for all Edge users in the U.S. The flashy new AI tool is designed to watch your screen as you browse so you can ask it various questions about what you're doing and get useful context-appropriate responses.

The feature works for "most" sites, according to Microsoft but it gives you a list of recommendations to start with. We have Amazon, which makes sense, but also Geoguessr? I'm pretty sure the point of that site is to try and guess where you are on the map without any help. Anyway, the full list of starter sites is as follows:

Read more
Copilot is Microsoft’s cue to redeem Windows and edge past macOS
The new Surface Laptop 13 on a white table.

There is always going to be a big divide between macOS and Windows. Much of it has to do with the functional disparities that are deeply ingrained at an OS-level. Or if you dive into the heated community debates, you will see it broadly as a battle between seamlessness and flexibility. 

Gaming remains the guiding star for Windows adherents. A handful of highly specialized niche industry tools also remain locked to the Microsoft platform. On the other hand, macOS fans swear by the fluid software, plenty of firepower options in the M-series silicon era, and fantastic hardware. 

Read more