Security News > 2022 > June > Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
2022-06-15 18:20

A few hours ago, we recorded this week's Naked Security podcast, right on Patch Tuesday itself.

We said as much in the podcast, and inferred, that Follina either wasn't really considered a bug, and therefore didn't get fixed, or was still in the process of getting some sort of fix that wasn't ready in time.

Having recorded the podcast, based on the abovementioned June 2022 Security Update bulletin, we checked with our sister site, Sophos News, where SophosLabs had by then published its own analysis of that security bulletin, covering the CVEs in the official list in useful detail.

Anyway, a short while after that, we noticed reports that the Follina bug was apparently "Fixed" after all.

As far as we can see, the June 2022 Patch Tuesday does suppress this bug, at least in our brief testing.

CVE-2022-30190 bug does seem to have been recognised as a genuine security flaw by Microsoft, and it has been patched, even if you weren't sure about that to start with.


News URL

https://nakedsecurity.sophos.com/2022/06/15/follina-gets-fixed-but-its-not-listed-in-the-patch-tuesday-patches/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-01 CVE-2022-30190 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.
local
low complexity
microsoft CWE-610
7.8