Microsoft has released its June security update for Windows (KB5014699 for Windows 10 and KB5014697 for Windows 11), which is mandatory for users of Windows 7 and above to install.
This patch must be installed because it fixes an important vulnerability that has been exploited by hackers. The vulnerability, known as Follina (CVE-2022-30190), allows hackers to hijack PC systems through programs such as Microsoft Word.
This threat has actually been known to security researchers since late May, but Microsoft is said to have ignored the security report and is only now releasing a patch for the vulnerability.
Attacks using the Follina vulnerability were discovered and documented by cybersecurity firm Proofpoint, which found that Chinese government hackers were sending Word documents to a number of Tibetan nationals.
When opened, the document uses the Follina vulnerability to take over the Microsoft Support Diagnostic Tool (MSDT) and execute code. This malicious code can then be used to install programs, create new user accounts, and access, delete, or change data stored on the computer.
The vulnerability has also been used in phishing campaigns targeting a number of government agencies in the United States and Europe, as we quote from The Verge, Thursday (16/6/2022).
Before releasing this update, Microsoft had already provided a workaround to protect its users from the Follina vulnerability. But if you have updated the OS with the KB5014699 and KB5014697 updates, you no longer need to apply this workaround. Microsoft also strongly recommends that users install the update.
"Microsoft strongly recommends consumers to install updates to be fully protected from this vulnerability. Consumers whose systems are set to receive automatic updates do not need to take additional steps," Microsoft wrote.