Microsoft fixed the sensational 0-day Follina and 55 more vulnerabilities


Of the 55 vulnerabilities, three are classified as critical because they allow attackers to carry out RCE attacks. All others are classified as serious. The patch does not include 5 Microsoft Edge Chromium fixes that were released earlier this week.

The number of vulnerabilities in each category is listed below:

  • 12 privilege escalation vulnerabilities;

  • 1 security feature bypass vulnerability;

  • 27 RCE vulnerabilities;

  • 11 information disclosure vulnerabilities;

  • 3 denial of service vulnerabilities;

  • 1 spoofing vulnerability.

I would like to note separately the elimination of the sensational 0-day Follina. We have reported several times on attacks using this vulnerability and explained in detail the reason for its appearance.

Follina, or CVE-2022-30190, immediately attracted hackers, who began using it in their attacks. The most high-profile cases of its exploitation were:

  • An attack by an unknown government hacker on EU and US state institutions;

  • Exploitation of the vulnerability by Qbot malware;

  • The attack of Sandworm hackers on the Ukrainian media.

The patch will be included in cumulative Windows updates for June 2022.
