Microsoft Patches 55 Vulnerabilities, Including Zero-Day ‘Follina’
Microsoft’s Patch Tuesday is, at this point, security tradition. The company issues new software updates for machines running Windows on the second Tuesday of every month, containing patches for security vulnerabilities discovered since the last Patch Tuesday. Microsoft’s latest update dropped on Tuesday, June 14, and carried with it dozens of patches for Windows, including a fix for a serious security vulnerability we’ve covered before.
Microsoft finally fixed the zero-day vulnerability ‘Follina’
The biggest news with last week’s Patch Tuesday was a fix for the “Follina” zero-day security vulnerability. We discussed Follina last month: This vulnerability took advantage of a flaw within Microsoft Office documents, allowing bad actors to send victims malicious documents that, when opened, would run arbitrary code on the receiver’s machine. This malicious code allowed the perpetrators to take control of the system, making this vulnerability a critical one for Microsoft to patch.
Luckily, the company did patch Follina: Once this latest update is installed on your machine, you won’t need to worry about malicious Microsoft Office documents threatening your system in this particular manner. The issue highlights the importance vigilance when using email or other messaging services: When someone sends you a file via one of these services, do not open it unless you are positive you know the sender, and that the attached file is legitimate. While Follina is a major security risk, it only posed a threat to you if you opened the malicious file.
This Patch Tuesday contains 55 total fixes for security vulnerabilities
Follina might have been the biggest vulnerability patched with this latest security update, but it was far from the only flaw fixed. Microsoft squashed an additional 54 flaws, including three identified as “Critical.” Those Critical vulnerabilities are as follows:
- CVE-2022-30163: Windows Hyper-V Remote Code Execution Vulnerability.
- CVE-2022-30139: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.
- CVE-2022-30136: Windows Network File System Remote Code Execution Vulnerability.
In total, this Patch Tuesday included fixes for 27 remote code execution vulnerabilities, 12 elevation of privilege vulnerabilities, 11 information disclosure vulnerabilities, three denial of service vulnerabilities, one security feature bypass vulnerability, and one spoofing vulnerability. For a complete list of all patched vulnerabilities, click here.
How to install the latest Patch Tuesday updates from Microsoft
It’s possible, based on your system’s settings, that these updates were installed automatically by Windows, and you’re all set. However, the updates may be stalled until a later date, or you may need to manually install the updates altogether. To check, head to Start > Settings > Update & Security > Windows Update (Windows 10) or Start > Settings > Windows Update (Windows 11). Here, let Windows look for new updates. If the patch is ready to go, you’ll see that here. Now, follow the instructions on-screen to download and install the patches to protect your computer.