Advertisement

June updates for Windows fix a critical vulnerability

Earlier in May, a serious vulnerability was found in Windows that allows running any app without users' interaction. It abuses Windows protocol associations. Opening a Microsoft Office document could be enough to compromise the device. This vulnerability has been dubbed Follina (CVE-2022-30190) and is know to be exploited by hackers.

June updates for Windows fix a critical vulnerability

The attackers, allegedly linked to the China, sent malicious Word documents to Tibetan recipients. Such a document opens access to the Microsoft Support Diagnostic Tool (MSDT). The latter allows them to install apps, create new user accounts, and manage data stored on the computer. Such malicious documents were also sent to US and European government workers via phishing.

Users could apply a workaround, e.g. unregister a protocol in the Registry.

Microsoft has fixed this vulnerability in the June cumulative updates for all supported versions of Windows. It is a good idea to install updates on your computer as soon as possible to secure it.

KB5014699 for Windows 10 and KB5014697 for Windows 11 should resolve the issue, so no workaround required. They will be installed automatically via Windows Update. You can manually trigger this process by opening Settings (Win + I), opening the Windows Update page, and clicking the "Check for updates" button on the right.

via Bleeping Computer

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisеment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.