Chinese hackers have already taken advantage of the flaw
Microsoft has patched a Windows vulnerability that hackers are actively exploiting. If you own a system that uses Windows 7 and up, you’ll want to update your computer as soon as possible (via Bleeping Computer).
The security flaw, called Follina (CVE-2022-30190) by researchers, lets bad actors hijack users’ computers through programs like Microsoft Word. Security researchers have been aware of the threat since late May, but Microsoft reportedly dismissed their initial findings.
In an attack documented by security company Proofpoint, hackers associated with the Chinese government sent malicious Word documents to Tibetan recipients. When opened, these documents use the Follina exploit to take control of the Microsoft Support Diagnostic Tool (MSDT) to execute commands that could be used to install programs, create new user accounts, and access, delete, or change data stored on a computer. The exploit has also been used in phishing campaigns targeting American and European government agencies.
Microsoft’s original warning about the threat offered workarounds to protect against the threat, but this update (KB5014699 for Windows 10 and KB5014697 for Windows 11) should eliminate the need for that. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability,” Microsoft says. “Customers whose systems are configured to receive automatic updates do not need to take any further action.”
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- 5 British businesses were penalised for making 500,000 unwanted calls - 8 December 2022
- End 2 End Encryption (E2EE) Is Finally here, kind of, for Apple Device Backups - 8 December 2022
- Google releases a fresh version of Chrome to fix yet another zero-day flaw - 3 December 2022