Trending

Stories

Microsoft’s New Security Updates Fixed Windows Zero-day Flaw Exploited by State-backed Hackers

Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

WP Rocket - WordPress Caching Plugin

Must Read

Yusuf Balogun
Yusuf Balogun
Yusuf is an aspiring Journalist and Health law expert with a special focus on technology innovations. He is a writer at Right for Education, Libertist Centre for Education, Qwenu, and Editor at Gamji Press, UDUS.

Today, the American tech giant Microsoft has officially released a fix to address an actively exploited Windows zero-day vulnerability known as Follina by state-backed hackers in its latest security updates.

A remedy for the high-severity vulnerability, identified as CVE-2022-30190, was issued as part of Microsoft’s monthly Patch Tuesday security patch release.

Also Read

However, as cybersecurity firm Sophos pointed out, the remedy isn’t among the fixes provided in the release – even though Follina has been mitigated.

In a June 14 update, the firm advises its customers via its original advisory to install the updates to be fully protected from the vulnerability.

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

Recently, attackers have used the Follina weakness to execute malicious PowerShell instructions via the Microsoft Diagnostic Tool (MSDT) when opening or previewing infected Office documents, even when macros are disabled.

The vulnerability affects all current Windows versions, including Windows 11, and allows threat actors to access or erase data, install programs, and create new accounts on affected devices.

In April, researchers initially noticed hackers exploiting the issue to target Russian and Belarussian users. Enterprise security firm Proofpoint said last month that a Chinese state-sponsored hacking gang was using the zero-day in assaults against the international Tibetan community.

Follina is now being used in continuing phishing efforts to infect victims with the Qbot banking malware and in phishing attacks targeting the US and European government institutions by a Chinese threat group known as TA570.

The Follina zero-day was first reported to Microsoft on April 12. However, Crazyman, the security researcher who was credited with first exposing the vulnerability, stated in a tweet that Microsoft first classified the bug as not a security-related issue.

Meanwhile, there was significant speculation leading up to Patch Tuesday about whether Microsoft would release patches given Microsoft’s initial dismissal of the flaw and its widespread exploitation in the weeks since its public disclosure.

However, Claire Tills, senior research engineer at cybersecurity firm Tenable, said this is becoming a worrying trend.

However, she maintained that the tenable discovered and disclosed two vulnerabilities in Microsoft’s Azure Synapse Analytics, one of which has been patched and one that has not. Neither of these vulnerabilities was assigned CVE numbers or documented in Microsoft’s security update guide for June.

In addition to Follina mitigation, Microsoft addressed three critical remote code execution (RCE) issues. None of these, however, have been actively exploited.

iThemes WordPress Hosting

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

Latest

Stories

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.
Elementor

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.

Kinsta

Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.

OptinMonster

OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.

Related

- Advertisement -
- Advertisement -
Google Pixel 4 and 4 XL Get Last Update WhatsApp Introduces 5 New Features For Status Updates OnePlus First-ever Tablet Launching in India Today ChatGPT Reaches 100 Million Users in Two Months Microsoft’s Teams Get OpenAI-Based Features WhatsApp New Feature that Allows Users to Create Calling Shortcuts Instagram Working On Twitter-like Paid Verification Feature OnePlus Ace 2 Specs Exposed Online Realme GT Neo 5 Full Specs Revealed  Samsung Galaxy S23 Ultra: The New Android King
Google Pixel 4 and 4 XL Get Last Update WhatsApp Introduces 5 New Features For Status Updates OnePlus First-ever Tablet Launching in India Today ChatGPT Reaches 100 Million Users in Two Months Microsoft’s Teams Get OpenAI-Based Features WhatsApp New Feature that Allows Users to Create Calling Shortcuts Instagram Working On Twitter-like Paid Verification Feature OnePlus Ace 2 Specs Exposed Online