Windows under attack by zero-day flaw — what to do right now
Hackers have been exploiting the Follina zero-day, so update to keep them at bay
Are you using a Windows PC? Then stop what you’re doing and check that you’re running the latest update, as it fixes some security holes hackers have been actively exploiting.
As Beeping Computer reports, the security tweaks bundled in the June 2022 cumulative Windows Updates seal the zero-day security hole that enabled an exploit dubbed Follina (CVE-2022-30190).
The security flaw came in the form of a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution bug, which allowed hackers to execute arbitrary code within apps using the tool, and allow the installation of programs, changing or deleting of data or making a new Windows account with a compromised user’s rights on the affected PC. The bug affects machines running Windows 7 or later.
And according to security researchers from Proofpoint, the bug has been exploited by Chinese hackers who used it to send malicious documents to Tibetans. Furthermore, the bug has been used to target U.S. and European Union government agencies.
So while you may not be the target of potential state-sponsored hackers, other savvy cyber criminals could look to use the exploit on unpatched PCs to cause havoc. That's why, like Microsoft, we recommend you make sure your PC is patched as soon as possible.
"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action," said Microsoft.
So if you have automatic updates enabled then there's a good chance you’re already protected. But if not you’ll want to ensure you have the latest patch.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
To do that, head to the Windows Settings app, navigate to the Windows Update section and you should be told if your PC is up to date, if it needs an update, or in some cases if a restart is needed to apply the update. Make sure you do this to help keep your PC protected from malicious and opportunistic hackers.
Roland Moore-Colyer a Managing Editor at Tom’s Guide with a focus on news, features and opinion articles. He often writes about gaming, phones, laptops and other bits of hardware; he’s also got an interest in cars. When not at his desk Roland can be found wandering around London, often with a look of curiosity on his face.