Update (8/5/22): Microsoft Office released patches for the Follina vulnerability CVE-2022-30190 with the June 2022 Windows Security Update. Refer to the following security updates to close the vulnerability:

KB5014742: Security only (Windows Server 2008 R2, Windows 7 SP1)
KB5014748: Monthly Rollup (Windows Server 2008 R2, Windows 7 SP1)
KB5014741: Security only (Windows Server 2012)
KB5014747: Monthly Rollup (Windows Server 2012)
KB5014746: Security only (Windows Server 2012 R2, Windows RT 8.1, Windows 8.1)
KB5014738: Monthly Rollup (Windows Server 2012 R2, Windows RT 8.1, Windows 8.1)

Update (6/1/22): Over the weekend, security research team Nao_Sec released details on Twitter regarding a possible zero-day vulnerability in Microsoft Office products for Windows. Three days later, on May 30, Microsoft acknowledged the vulnerability and released temporary remediation guidance for CVE-2022-30190.

What is CVE-2022-30190?

CVE-2022-30190, now dubbed “Follina,” is a flaw in the Microsoft Support Diagnostic Tool (MSDT) that allows for remote code execution (RCE) when MSDT is called using the URL protocol from an application such as Word.

When exploited, Microsoft notes that the attacker can run arbitrary code with the privileges of the calling application, and then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Microsoft is currently scoring the vulnerability as a CVSSv3.1 7.8/10.
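
A detection sketch for the behaviour described in this post, MSDT being called through its URL protocol by an application such as Word. This is an added example, not part of the original post or of Microsoft's guidance. It assumes process-creation events shaped like Sysmon Event ID 1 (Image, ParentImage, CommandLine); the list of Office parent processes and the sample events are constructed for illustration.

```python
import ntpath  # parses Windows paths correctly on any host OS

# Assumption: Office binaries treated as "calling applications"; extend as needed.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
URL_SCHEME = "ms-msdt:"  # URL protocol registered for the MSDT handler


def classify(event):
    """Return the reasons a process-creation event looks like Follina abuse."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image != "msdt.exe":
        return []
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    cmdline = event.get("CommandLine", "").lower()
    reasons = []
    if parent in OFFICE_PARENTS:
        reasons.append(f"msdt.exe spawned by {parent}")
    if URL_SCHEME in cmdline:
        reasons.append("msdt.exe invoked via ms-msdt: URL protocol")
    return reasons


def scan(events):
    """Return (event, reasons) for every event with at least one reason."""
    return [(e, r) for e in events if (r := classify(e))]


# Constructed sample events; arguments are placeholders, not real payloads.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\System32\msdt.exe ms-msdt:/constructed-args"},
    {"Image": r"C:\Windows\System32\msdt.exe",          # user-started troubleshooter
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"msdt.exe /id constructed-package"},
    {"Image": r"C:\Windows\splwow64.exe",               # benign Office child process
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"Image": r"C:\Windows\SysWOW64\MSDT.EXE",          # mixed case, non-Office parent
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"MSDT.EXE MS-MSDT:/constructed-args"},
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event["ParentImage"], "->", event["Image"], reasons)
```

On hosts where one of the listed updates is not yet installed, either reason alone is worth triage; both together on one event match the Office-to-MSDT call path the advisory describes.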