Microsoft’s Final Patch Tuesday Fixes Follina Bug

  • Microsoft issued its last regular patch update round yesterday, fixing over 50 CVEs, including a dangerous zero-day bug known as “Follina.”

    Also known by its official moniker, CVE-2022-30190, Follina is being exploited in the wild by state-backed actors and the operators behind Qakbot, which has links to ransomware groups. It’s a remote code execution (RCE) bug affecting the popular utility Windows Support Diagnostic Tool (MSDT).

    Microsoft patched three other critical vulnerabilities this month.

    CVE-2022-30136 is an RCE vulnerability in the Windows Network File System (NFS), impacting Windows Server 2012-2019. CVE-2022-30139 is an RCE bug in Microsoft’s Lightweight Directory Access Protocol (LDAP) affecting Windows 10 and 11 and Windows Server 2016-2022

    Finally, CVE-2022-30163 is an RCE bug in Windows Hyper-V and should also be prioritized alongside the other two, according to Recorded Future senior security architect Allan Liska.

    “According to Microsoft this is a complex vulnerability to exploit; however, successful exploitation would allow an attacker with access to a low-privileged guest Hyper-V instance to gain access to a Hyper-V host, giving them full access to the system,” he explained.

    “This vulnerability impacts Windows 7 through 11 and Windows Server 2008 through 2016.”

    Mark Lamb, CEO of security vendor High Ground, argued that firms have historically been slow to apply the fixes listed in Patch Tuesday unless the vulnerabilities behind them receive much publicity, like PrintNightmare and Log4Shell.

    That’s partly because of the sheer volume of CVEs being published each week and the difficulty many organizations have in prioritizing them according to business risk. Last year saw another record number listed in NIST’s National Vulnerability Database.

    “Companies should be diligent in approving and deploying patches on a weekly basis, if possible, because you don’t know what the next vulnerability is going to be and whether it could have been mitigated by consistent and diligent patching,” argued Lamb.

    “It’s also something that IT teams need to get stricter on with their users – there is always friction with users not wanting to be interrupted during the day, but in my opinion, this is something IT teams should be unwilling to compromise on.”

    From July, Microsoft will switch to Windows Autopatch, a new managed service designed to streamline the product update process for Windows 10/11 Enterprise E3 users with automated patching.