With the latest Patch Tuesday, Microsoft has solved the vulnerability known as Follina that has been talked about in recent days, about a couple of years after the first discovery. We briefly recall that this is a problem related to the MSDT.exe application, which for a number of reasons allows you to run unauthorized code remotely requiring little interaction from the user of the victim computer.
Last May 30 Microsoft had finally classified the bug as a real security problem, giving it a criticality index of 7.8 out of 10, but had not shared precise information on the timing of distribution of a fix. We now know that it is included in the June patches, which are being distributed for all affected versions of Windows, from 7 (of course only for those who bought the ESU package, Extended Security Updates) to the current 11.
Is everything good that ends well? Not really. Also in relation to MSDT.exe, in the past few days, a new 0-day vulnerability dubbed DogWalk has emerged that this last Patch Tuesday did not fix.
#DogWalk ๐๐ถwith remote shared location is still working, no prompting of MoTW yet. It sounds no changes.https://t.co/gUUz95HxVK pic.twitter.com/rjpd8OzZJ0
โ j00sean (@j00sean) June 14, 2022
In a nutshell, it is possible to have MSDT download fraudulent software into the autorun folder of the operating system so that it will run on its next boot. Again, Microsoft said the flaw wasn’t particularly urgent and didn’t give it a CVE code. At this point, it is unclear, again, if and when the company will fix the problem.
Apart from Follina and DogWalk, there isn’t much to tell about the new patches. As for Windows 10, it is distributed via the KB5014699 package and is aimed at the three most recent versions, namely 20H2, 21H1 and 21H2 (builds 19042, 19043 and 19044 respectively).
For Windows 11, however, the package is KB5014697 and is available for the only version currently in circulation, which is the initial one (build number 22000). It will arrive over the next few days to all supported systems via Windows Update.
If you like our news and you want to be the first to get notifications of the latest news, then follow us on Twitter and Facebook page and join our Telegram channel. Also, you can follow us on Google News for regular updates.