Skip to main content

Update Windows now to patch this critical Microsoft Word exploit

Microsoft has rolled out security updates as part of its June 2022 Windows updates to address a serious security bug that has targeted programs including Microsoft Word.

The Windows zero-day vulnerability is known as Follina (CVE-2022-30190) by security researchers and is “actively exploited in ongoing attacks,” according to Bleeping Computer.

Related Videos

Interestingly, if you have June's update installed, you can choose to make your system vulnerable to Follina / CVE-2022-30190 again if you set the TurnOffCheck registry value.
Presumably Microsoft has some customers where they need to be vulnerable to this? 🤔

— Will Dormann (@wdormann) June 15, 2022

Microsoft recommends those running Windows 7 or higher update their systems as soon as possible. However, if you have automatic updates set up, you won’t have to take any actions.

Researchers became aware of the security flaw in late May; however, Microsoft appeared to not closely address the situation, offering manual Command prompt workarounds for the issue rather than a software patch.

Vulnerability Analyst Will Dormann noted that the June update rolling out even seems to be misdated, as if it became available in May rather than now.

The first Follina attacks might have started as early as mid-April, “with sextortion threats and invitations to Sputnik Radio interviews as baits,” Bleeping Computer added.

Security researcher CrazymanArmy of Shadow Chaser Group told the publication that Microsoft’s security team rejected his submission at that time as not a “security-related issue.”

The zero-day vulnerability is able to grant hackers access to the Microsoft Support Diagnostic Tool (MSDT), according to the security company Proofpoint. This tool is commonly associated with Microsoft Office and Microsoft Word. From there, hackers are able to access computer back ends, granting them permission to install programs, create new user accounts, and manipulate data on a device.

The first documented Follina attack was traced to a Chinese TA413 hacking group, aimed at the Tibetan diaspora. Follow-up attacks were phishing scams aimed at U.S. and E.U. government agencies. The most recent attacks are connected to the TA570 Qbot affiliate, which is conducting phishing scams with Qbot malware, the publication added.

Editors' Recommendations

PC gamers are flocking to Windows 11, new Steam survey says
Shadow of the Tomb Raider on the Alienware 34 QD-OLED.

According to the latest Steam Hardware and Software Survey, more PC gamers are switching to using Windows 11. Although Windows 10 continues to top the charts, it's slowly losing users to Microsoft's newer operating system, as Windows 11 now compromises over a third of all operating systems in Steam's monthly survey.

It's happy news for Microsoft as Windows 11 continues to inch forward in the Steam Hardware Survey. While the survey doesn't include the software and hardware utilized by each and every gamer on the platform, it still shows us some significant averages. Microsoft has continued to push Windows 11 for new PCs, and the latest survey from Steam suggests that the effort is working.

Read more
5 Windows 11 settings to change right now
Person sitting and using a Windows Surface computer with Windows 11.

Windows 11 is great -- it's worth upgrading to from Windows 10. But as with every version of Windows, it's at its best when you make some tweaks to it. Beyond making Windows 11 look like Windows 10, or customizing the Windows 11 taskbar, there are a few changes anyone can make to Windows 11, and they're changes that everyone should make. In my humble opinion, at least.

So, if you're looking for an upgraded, augmented, and altogether better Windows 11 experience, here are the top five changes you should make to it right now.
Disable tracking and personalization
If, like me, you aren't a fan of deep personalization or data collection on you in general, then like me, you'll be looking for the least-tracked version of Windows you can find. While Windows 11 does collect more data on you than previous versions, you can disable some of it, and restrict the way the operating system automatically personalizes your experience.

Read more
New Windows 11 update adds ChatGPT-powered Bing AI to the taskbar
Microsoft has released a new Windows 11 feature that makes the OS photos app compatible with Apple's iClould.

Microsoft has just unveiled the latest update to Windows 11 which has already started rolling out. There are plenty of changes on the horizon, including those involving the ChatGPT-based Bing AI search.

The new update lets Windows 11 users communicate with the AI-powered version of Bing right in their taskbar. The AI model itself also seems to have received an update that might make conversing with it less bizarre.

Read more