Microsoft is still silent about a patch for Follina bug a week after discovery

Spread the love

Microsoft still doesn’t have an official patch available for the Follina bug that went public last week. The company also cannot say when such a patch will be released. Meanwhile, via the Follina bug, it is actively being attacked in several countries.

Security company Proofpoint say that it has repelled several active attacks via Follina against European and US government agencies. The company does not say which authorities these are, but the consequences would be relatively limited with ‘less than ten Proofpoint customers’. The instances were attacked via the Follina bug that came out last week. Follina is a vulnerability in the Support Diagnostics Tool that allows remote code execution with privileges of the used program. According to Proofpoint, the attackers attacked the victims by sending a phishing email and after clicking invoke PowerShell. That makes the bug very dangerous.

Despite this, Microsoft still hasn’t released a patch for the zero day. The company published a workaround last week CVE-2022-30190, but there is currently no patch available that fixes the vulnerability. The company referred to this a blog post in which it provides more information. It was last updated on Monday, but only with more questions and answers. The company is still not talking about a definitive solution.

You might also like
Exit mobile version