At the end of May, security researchers discovered a serious vulnerability in operating systems of the Windows family that allows attackers to gain control over users’ computers using programs such as Microsoft Word. This vulnerability is called Follina (CVE-2022-30190) and is actively exploited by hackers allegedly associated with the Chinese government.
According to Proofpoint, the attackers sent malicious Word documents to Tibetan recipients. Once the document was opened, the hackers gained access to the Microsoft Support Diagnostic Tool (MSDT), which can be used to install programs, create new accounts, and read, delete, and modify data stored on the computer. Similar malicious documents were sent to US and European government agencies through phishing attacks.
The vulnerability was fixed in the June cumulative updates for all supported versions of Windows, according to Bleeping Computer. Thus, if you are using Windows 7 or newer versions of the OS, then you should install updates on your computer as soon as possible.
Note that previously Microsoft published a warning about this threat and suggested workarounds for protection. Released updates (KB5014699 for Windows 10 and KB5014697 for Windows 11) should completely fix the problem, which means you won’t need to use workarounds. If your computer is configured to receive updates automatically, no further action is required.