In recent weeks, security researchers found that the “Follina” vulnerability posed a danger in Office 2013, 2016, 2019, 2021 and some versions of Microsoft 365. Researchers, who first reported the new vulnerability to Microsoft in April but said that the company did not see it as a serious threat, confirmed today that Follina has been neutralized.
New update disables Follina
Using the ‘ms-msdt’ (Microsoft Support Diagnostic Tool) scheme, which leverages Word's remote template feature to retrieve an HTML file from a remote web server and then execute PowerShell code, Follina was able to quickly bypass many security measures, including Windows Defender or Office’s Protected Mode, without needing any elevated privileges to run.
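A defender's triage check for the remote-reference step described above, added here as an example and not taken from the original article, Sophos or Microsoft: it lists the relationships in a Word file that point outside the document. It assumes the remote reference is stored as an external relationship in the OOXML package; the function names and sample inputs are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def external_targets(docx_bytes):
    """Return (part, relationship kind, target) for every external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append((name, kind, rel.get("Target", "")))
    return findings

def triage(docx_bytes):
    """Flag documents whose external references are not ordinary hyperlinks."""
    review = [f for f in external_targets(docx_bytes) if f[1] != "hyperlink"]
    return {"suspicious": bool(review), "needs_review": review}

def build_sample(part, kind, target):
    """Constructed sample: a zip holding a single relationships part."""
    xml = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s%s" '
           'Target="%s" TargetMode="External"/></Relationships>'
           % (REL_NS.strip("{}"), OFFICE_REL, kind, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(part, xml)
    return buf.getvalue()

# Constructed inputs; example.invalid is a reserved name that never resolves.
REMOTE_REF = build_sample("word/_rels/settings.xml.rels", "attachedTemplate",
                          "https://example.invalid/t.dotm")
LINK_ONLY = build_sample("word/_rels/document.xml.rels", "hyperlink",
                         "https://example.invalid/")

if __name__ == "__main__":
    for label, sample in (("remote reference", REMOTE_REF), ("hyperlink only", LINK_ONLY)):
        print(label, triage(sample))
```

Hyperlinks are excluded because they are only followed when a user clicks them; any other external relationship is content Word requests on its own when the file is opened and deserves a closer look.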
In the intervening time, it was reported that the new vulnerability was used by Chinese hackers against members of the Tibetan diaspora. Users in Belarus were also attacked, as were the European Union and US local governments earlier this month.
Sophos, the UK-based security software and hardware company, said that the KB5014699 Windows update released by Microsoft on Tuesday disabled Follina. It noted that Follina was not mentioned in the update notes, but that tests showed the exploit no longer works after the update.