• October 6, 2022

GravStar’s Sirius 5 Wireless Earbuds With Swappable Sci-Fi Charging Cases

GravStar is a company known for creating unique sci-fi-inspired audio products that look as good as they sound. The latest launch from the company is the Sirius P5 wireless earbuds. The …

401(k)s Are Not A Substitute For Social Security

This is an exciting time for U.S. retirement policy. Everyone — left, right, and center — recognizes that American retirement policy is out of date. According to the Global Pension Index, …

Steve Stoute’s UnitedMasters Successfully Recruits Uber, Twitter And Adobe Execs

Steve “The Commissioner” Stoute’s music startup UnitedMasters, music distribution and data analytics company has successfully recruited top execs from Uber UBER , Twitter and Adobe ADBE . The company continues to …

It was just a week ago that I warned of a 0-day hack, enabling an attacker to remotely execute code on most versions of Microsoft Windows and Windows Server, was already being exploited in the wild. The attacks employed malicious Microsoft Office documents, but not with the usual macro-based methodology. Instead, Follina, as CVE-2022-30190 quickly became known, used vulnerabilities in the Microsoft Windows Support Diagnostic Tool (MSDT) and could even execute without the need to open the document in some exploit scenarios.

Advertisement

As no emergency, out-of-band, fix was forthcoming, it was hoped that the June Patch Tuesday security update would include Follina. However, with that Patch Tuesday rollout happening yesterday, there was no mention of CVE-2022-30190 in the documented fixes. At first, this seemed to suggest that Microsoft (which still hasn’t responded to my request for a statement regarding Follina, by the way) was going with the ‘it’s a feature, not a bug’ defense. However, despite CVE-2022-30190 being conspicuous by its absence, it appears that was not the case.

The Microsoft Security Update Guide entry for CVE-2022-30190 has been edited to read: “A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.” Scrolling down to the FAQ section, the confirmation is complete with this answer to the is there an update available question: “Yes, the updates are available. Microsoft recommends installing the June updates as soon as possible.”

You know what to do, install the June 2022 Patch Tuesday updates as soon as is possible.

Advertisement

Leave a Reply

Your email address will not be published.