Microsoft issued its last regular patch update round this week, fixing over 50 CVEs, including the malicious zero-day bug “Follina.”
Officially named CVE-2022-30190, Follina, as reported last week, is being exploited in the wild by state-backed actors and the operators behind Qakbot, which has links to ransomware groups. It’s a remote code execution (RCE) bug affecting the popular utility Windows Support Diagnostic Tool (MSDT).
As well as patching Follina, Microsoft patched three other critical vulnerabilities this month.
CVE-2022-30126 is an RCE vulnerability in the Windows Network File System (NFS), impacting Windows Server 2012-2019.
CVE-2022-30139 is an RCE bug in Microsoft’s Lightweight Directory Access Protocol (LDAP) affecting Windows 10 and 11 and Windows Server 2016-2022.
The final patch was for CVE-2022-30163. CVE-2022-30163 is a RCE bug in Windows Hyper-V.
Allan Liska, Recorded Future senior security architect, says: “according to Microsoft this is a complex vulnerability to exploit; however, successful exploitation would allow an attacker with access to a low-privileged guest Hyper-V instance to gain access to a Hyper-V host, giving them full access to the system,”
“This vulnerability impacts Windows 7 through 11 and Windows Server 2008 through 2016.”
The CEO of HighGround, Mark Lamb, said that firms have historically been slow to apply the fixes listen in Patch Tuesday unless the vulnerabilities listed receive a lot of publicity.
Many organisations have a problem with prioritising the vast number of CVEs according to business risk.
Lamb said, “companies should be diligent in approving and deploying patches on a weekly basis, if possible, because you don’t know what the next vulnerability is going to be and whether it could have been mitigated by consistent and diligent patching.”
“It’s also something that IT teams need to get stricter on with their users – there is always friction with users not wanting to be interrupted during the day, but in my opinion, this is something IT teams should be unwilling to compromise on.”
This July, Microsoft are switching to Windows Autopatch, a new managed service that aims to streamline the product update process for Windows 10/11 Enterprise E3 users with automated patching.