Zero-day vulnerabilities are security flaws that can be quite harmful for your devices and hackers can gain access to your personal data. One such flaw has been found in Microsoft Windows, according to security researchers. As per a report by Bleeping Computer, the vulnerability is called Follina and Microsoft acknowledged the flaw. Microsoft has also released a fix via an update and has urged users to upgrade immediately.
In a blog post, Microsoft explained that “a remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.” Microsoft said that hackers — because of the vulnerability — can install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. “Microsoft recommends installing the updates as soon as possible,” the company noted.
Hackers can gain access to Microsoft Support Diagnostic Tool (MSDT) — it is associated with commonly used programs like Office and Word. If the hackers gain access, then it would give them the power to tamper with any data on the device.
Those who are running Windows version 7 or higher are recommended to update as soon as possible. In case users have opted for automatic updates, then they don’t need to do so as their systems will be updated automatically. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” stated Microsoft in the blog post.
The report says that the first hint of the security vulnerability was spotted in April 2022.