Time to update Windows: Microsoft releases patches for Follina

Time to update Windows: Microsoft releases patches for Follina

Time to update Windows

With the latest cumulative update of June 2022, Microsoft intervenes (finally?) To correct the known zero-day vulnerability renamed as Follina, which was already exploited by some hackers.

It goes without saying that it is advisable to update Windows as soon as possible, in order to correct this potentially dangerous flaw, as also suggested by Microsoft. The intervention of the company is always welcome, albeit untimely, we remember that the Colossus of Redmond is not new to situations like this. For example, the "DogWalk" vulnerability was patched after two years.

Related mail file CVE-2022-30190 https://t.co/c53ClKkYv0 https://t.co/8YsG8bVYJd pic .twitter.com / HEwHF6VLHR

- nao_sec (@nao_sec) June 10, 2022



We remind our readers that Follina was a zero-day vulnerability (ie belonging to those undetected or incorrect flaws) classified as CVE-2022-3019 which pertains to the Microsoft Technical Support Diagnostic Tool (MSDT). Using it, it was possible to execute arbitrary code with a level of privilege that could install programs, view, modify or delete data and even create Windows accounts.


Will Dorman, vulnerability analyst at CERT / CC, pointed out via Twitter that the patches recently released by Windows do not prevent the creation of the msdt.exe file, but neutralize the attack vector by blocking the injection of PowerShell.

However, the advice shared with Windows administrators remains valid, namely to disable the MSDT protocol to avoid its misuse in order to execute arbitrary code remotely. The vulnerability affected all versions of Windows still covered by the security updates, including Windows 7 and Windows Server 2008.







Critical New Security Update For Millions Of Windows 10, 11 & Server Users

Microsoft Patch Tuesday fixes critical security flaws in Windows 10, 11 & Server

Getty Images

As well as fixing the already under attack Follina zero-day exploit, Microsoft has just confirmed three critical vulnerabilities that impact millions of Windows and Windows Server users.


Within the collection of 55 new Microsoft security updates, yes it's Patch Tuesday time again, there are three that are rated as critical. The good news is that none of these, in fact, none of the 55 listed vulnerabilities, are known to currently be under exploitation in the wild. I can say that despite the CVE-2022-30190 Follina fix being distributed as, bizarrely, Microsoft didn't list it among the vulnerabilities patched.

MORE FROM FORBESAct Now To Fix Under Attack Microsoft Windows 0-Day HackBy Davey Winder

The three critical security flaws are as follows

CVE-2022-30136

CVE-2022-30136 impacts Windows Server (2012, 2016, 2019) users and is a remote code execution (RCE) threat that could be exploited over the network using a malicious call to a network file system (NFS) service. According to Mike Walters, cybersecurity executive and co-founder of Action1, it is believed 'an exploit for this vulnerability has been developed, although this information has not been confirmed.' He also warns that 'this June patch should only be applied after the May one has already been installed,' in reference to the CVE-2022-26937 patch last month.

CVE-2022-30139

CVE-2022-30139 impacts Windows (10 & 11) and Windows Server (2016, 2019, 20H2, 2022) users and is another RCE but this time impacting the Windows lightweight directory access protocol (LDAP) where default policy values have been changed. According to Vulnerability Database, while the full technical details are as yet unknown, 'a simple authentication is necessary for exploitation.' While confirming no public exploit is available, the site suggests one could be worth between $5,000 and $25,000.

CVE-2022-30163

CVE-2022-30163 impacts Windows (7, 8.1, 10 & 11) and Windows Server (2008, 2012, 2016, 2019, 20H2 & 2022) users and is another arbitrary remote code execution vulnerability. This time it targets Windows Hyper-V host using a malicious application on a Hyper-V guest. According to the Trend Micro Zero Day Initiative, 'Microsoft notes that attack complexity is high since an attacker would need to win a race condition. However, we have seen many reliable exploits demonstrated that involve race conditions, so take the appropriate step to test and deploy this update.'

Should you update your Windows or Windows Server platform immediately?

Obviously, as always, the takeaway is to update as soon as possible in order to shore up these security holes. Well, for consumers at least. The situation becomes more complex for organizations. 'Businesses are typically slow in applying patches, yet I’d bet vulnerabilities are still the most common reason organizations are compromised,' Mark Lamb, CEO of HighGround.io, says. 'Security standards, including the U.K. Cyber Essentials overview standard, encourage patches to be deployed within 14 days of release for both Operating Systems and Applications, but it’s not uncommon for organizations to take months to get their patches deployed.' Lamb recommends, where possible, businesses should be 'diligent in approving and deploying patches on a weekly basis, because,' he says, 'you don’t know what the next vulnerability is going to be and whether it could have been mitigated by consistent and diligent patching.'