Security News > 2022 > June > Microsoft patches actively exploited Follina Windows zero-day
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks.
"Microsoft recommends installing the updates as soon as possible," the company further urged customers in a post on the Microsoft Security Response Center.
Tracked as CVE-2022-3019, the security flaw is described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution bug that affects all Windows versions still receiving security updates.
While applying today's updates does not prevent Microsoft Office from automatically loading Windows protocol URI handlers without user interaction, it blocks PowerShell injection and disables this attack vector.
The Follina security vulnerability has been exploited in attacks for a while by state-backed and cybercrime threat actors with various end goals.
In light of Microsoft reporting active exploitation of the bug in the wild, CISA has also urged Windows admins and users to disable the MSDT protocol abused in these attacks.
News URL
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 8.8 |