Today, the American tech giant Microsoft has officially released a fix to address an actively exploited Windows zero-day vulnerability known as Follina by state-backed hackers in its latest security updates.
A remedy for the high-severity vulnerability, identified as CVE-2022-30190, was issued as part of Microsoft’s monthly Patch Tuesday security patch release.
However, as cybersecurity firm Sophos pointed out, the remedy isn’t among the fixes provided in the release – even though Follina has been mitigated.
In a June 14 update, the firm advises its customers via its original advisory to install the updates to be fully protected from the vulnerability.
Recently, attackers have used the Follina weakness to execute malicious PowerShell instructions via the Microsoft Diagnostic Tool (MSDT) when opening or previewing infected Office documents, even when macros are disabled.
The vulnerability affects all current Windows versions, including Windows 11, and allows threat actors to access or erase data, install programs, and create new accounts on affected devices.
In April, researchers initially noticed hackers exploiting the issue to target Russian and Belarussian users. Enterprise security firm Proofpoint said last month that a Chinese state-sponsored hacking gang was using the zero-day in assaults against the international Tibetan community.
Follina is now being used in continuing phishing efforts to infect victims with the Qbot banking malware and in phishing attacks targeting the US and European government institutions by a Chinese threat group known as TA570.
The Follina zero-day was first reported to Microsoft on April 12. However, Crazyman, the security researcher who was credited with first exposing the vulnerability, stated in a tweet that Microsoft first classified the bug as not a security-related issue.
Meanwhile, there was significant speculation leading up to Patch Tuesday about whether Microsoft would release patches given Microsoft’s initial dismissal of the flaw and its widespread exploitation in the weeks since its public disclosure.
However, Claire Tills, senior research engineer at cybersecurity firm Tenable, said this is becoming a worrying trend.
However, she maintained that the tenable discovered and disclosed two vulnerabilities in Microsoft’s Azure Synapse Analytics, one of which has been patched and one that has not. Neither of these vulnerabilities was assigned CVE numbers or documented in Microsoft’s security update guide for June.
In addition to Follina mitigation, Microsoft addressed three critical remote code execution (RCE) issues. None of these, however, have been actively exploited.