Microsoft Windows, the most widely used operating system for computers worldwide, has discovered a significant vulnerability that a simple MS Word document may exploit.
Microsoft officially disclosed the flaw, which affects 32 versions of Windows, and it has been granted a ‘high’ severity rating by the Indian Computer Emergency Response Team (CERT-In). Preliminary evidence suggests that the vulnerability has already been exploited to target Indian consumers.
CVE-2022-30190 was given to the formerly known vulnerability as ‘Follina.’ Every officially acknowledged vulnerability is granted a CVE number for easy reference and subsequent study.
Follina belongs to the ‘Zero Day vulnerabilities group,’ which are flaws that are only found after malevolent hackers have exploited them. Because there are no days between discovery and exploitation, “Zero Day” is employed.
According to a Microsoft advisory published on its official website, the vulnerability is exploited by emailing an MS Word document to the targets. The vulnerability allows the hidden code inside the document to embed itself in the system the instant the victim opens it or even previews it.
According to Microsoft, “the attacker can then install programs, view, alter, remove data, or establish new accounts.”
Microsoft provided extensive instructions for Windows users to eliminate the vulnerability and secure their PC.
While Follina is only now being legally recognized, research indicates that it has been around and exploited since October 2021 adds to the gravity of the situation.
Independent cybersecurity researchers have been talking about Follina for days, and it appears that India is one of the nations where the flaw was exploited. Researchers regularly monitor talks on the dark web regarding the most recent vulnerabilities exploited by hackers, then independently verify the allegations and communicate their findings to the appropriate parties.
For further reading: Think Of These Top 7 Common Security Threats For Enterprise App Development
For our team’s latest technological insights and news, visit- News insights and technology updates
News source: Freepressjournal