Microsoft is still silent about a patch for the Follina bug a week after discovery
Microsoft still doesn’t have an official patch available for the Follina bug that went public last week. Nor can the company say when such a patch will be released. Meanwhile, the Follina bug is being actively exploited in several countries.
Security company Proofpoint says that it has blocked several active attacks through Follina on European and American government agencies. The company does not say which agencies these are, but the impact is said to be relatively limited, with “less than ten Proofpoint customers” affected. The agencies were attacked via the Follina bug that came out last week. Follina is a vulnerability in the Support Diagnostics Tool that allows remote code execution with the privileges of the program being used. According to Proofpoint, the attackers targeted the victims with a phishing email that, once clicked, called PowerShell. That makes the bug very dangerous.
Despite this, Microsoft has still not released a patch for the zero-day. The company did publish a workaround for CVE-2022-30190, but there is as yet no patch available that fixes the vulnerability. The company referred to a blog post where it provides more information. That post was last updated on Monday, but only with more questions and answers. The company is still not talking about a final solution.