Known as Follina, the zero-day vulnerability typically uses malicious Word documents to take control of the Microsoft Support Diagnostic Tool (MSDT). The app itself is unable to detect the threat until it’s too late, giving hackers free rein to execute a variety of dangerous commands. A recent case in Tibet found evidence of Follina being used to install programs, create user accounts and modify data stored on the target device, often without the user’s knowledge. As Bleeping Computer also discovered, it can be expanded to harvest a variety of personal data, from browser passwords to email information. The vulnerability isn’t limited to Asia, either, with evidence of similar phishing campaigns in the US and Europe. These currently target government agencies, but there’s no reason to suggest they won’t be expanded to include consumer devices. The issue was first discovered in late May, with Microsoft promptly recommending several workarounds. But two weeks later, the company has released a more formal update that it’s urging everyone to download. This is version KB5014699 on Windows 10, but KB5014697 on Windows 11. To install it, simply head to Settings > Update & Security and click ‘Check for updates’. You may need to clear any outstanding updates for it to appear, but there’s no need to install Windows 11 first if you’re still running Windows 10. Even if you have automatic updates turned on, it’s worth making sure the latest version is installed. With several devices already affected by the vulnerability, it’s worth installing the patch as soon as possible to protect vital information from hackers.
Related articles you may like
Windows 10 update blocks Event Viewer and may cause data loss (May 2022)Windows 11’s KB5012643 update is causing issues (May 2022)Windows 11: Everything you need to know
As the resident expert on Windows, Senior Staff Writer Anyron’s main focus is PCs and laptops. Much of the rest of his time is split between smartphones, tablets and audio, with a particular focus on Android devices.