Microsoft has patched a Windows vulnerability that hackers are actively exploiting. If you have a system that uses Windows 7 and above, you will want to update your computer as soon as possible (via beeping computer).
The security flaw, called Follina (CVE-2022-30190) by researchers, allows malicious actors to hack into users’ computers through programs such as Microsoft Word. Security researchers have known about the threat since late May, but Microsoft reportedly dismissed their initial findings.
In an attack documented by security firm Proofpoint, hackers associated with the Chinese government sent malicious Word documents to Tibetan recipients. Once opened, these documents use the Follina exploit to take control of the Microsoft Support Diagnostic Tool (MSDT) to execute commands that can be used to install programs, create new user accounts, and access, remove, or modify data stored on a computer. The exploit has also been used in phishing campaigns targeting US and European government agencies.
Microsoft’s initial warning about the threat offered workarounds to protect against the threat, but this update (KB5014699 for Windows 10 and KB5014697 for Windows 11) should eliminate the need for that. “Microsoft strongly recommends that customers install updates to be fully protected against the vulnerability,” Microsoft says. “Customers whose systems are configured to receive automatic updates do not need to take any further action.”