Don't Wait to Install the June Windows Update — It Fixes a Major Security Bug

Microsoft has patched a Windows vulnerability that hackers are actively exploiting. If you have a system that uses Windows 7 and up, you'll want to update your computer as soon as possible (via Bleeping Computer).

The security flaw, called Follina (CVE-2022-30190) by researchers, allows bad actors to hijack users' computers through programs such as Microsoft Word. Security researchers have known about the threat since late May, but Microsoft reportedly dismissed their initial findings.

In an attack documented by security company Proofpoint, hackers affiliated with the Chinese government sent malicious word documents to Tibetan recipients. When opened, these documents use the Fallina exploit to control Microsoft Support Diagnostic Tool (MSDT) to execute commands that are used to install programs, create new user accounts, and access, delete or change data stored on the computer. can be done for. The exploit has also been used in phishing campaigns targeting US and European government agencies.

Microsoft's original warning about the threat offered a workaround to protect against the threat, but this update (KB5014699 for Windows 10 and KB5014697 for Windows 11) should eliminate its need. "Microsoft strongly recommends that customers install updates to be fully protected from the vulnerability," says Microsoft. "Customers whose systems are configured to receive automatic updates need not take any further action."