Security News > 2022 > June > Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

A few hours ago, we recorded this week's Naked Security podcast, right on Patch Tuesday itself.
We said as much in the podcast, and inferred, that Follina either wasn't really considered a bug, and therefore didn't get fixed, or was still in the process of getting some sort of fix that wasn't ready in time.
Having recorded the podcast, based on the abovementioned June 2022 Security Update bulletin, we checked with our sister site, Sophos News, where SophosLabs had by then published its own analysis of that security bulletin, covering the CVEs in the official list in useful detail.
Anyway, a short while after that, we noticed reports that the Follina bug was apparently "Fixed" after all.
As far as we can see, the June 2022 Patch Tuesday does suppress this bug, at least in our brief testing.
CVE-2022-30190 bug does seem to have been recognised as a genuine security flaw by Microsoft, and it has been patched, even if you weren't sure about that to start with.
News URL
Related news
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |