According to researchers, Microsoft has published a patch for a zero-day weakness that was first identified in April and has already been utilized by attackers to target organizations in Russia and Tibet.
The CVE-2022-3019 remote control execution hole is linked to the Microsoft Support Diagnostic Tool (MSDT), which, ironically, collects information about defects in Microsoft’s products and reports it to Microsoft Support. In the context allowed by the user’s rights, attackers can install applications, read, alter, or remove data, or create new accounts if the vulnerability is successfully exploited.
Researchers said threat actors are already using the ‘Follina’ vulnerability, which was discovered in April, to target organizations in Russia and Tibet.
Read More: https://threatpost.com/microsoft-workaround-0day-attack/179776/