Mumbai: Fifteen days after it was officially acknowledged, Microsoft has finally released a patch for Follina, a zero-day vulnerability affecting 32 of its versions. The patch has been long-awaited, especially in light of reports that Follina has been exploited actively in several countries, including India. Microsoft, in its official update, has also admitted that Follina has been exploited.
The vulnerability, officially dubbed as CVE-2022-30190, was dubbed Follina by cybersecurity researcher Kevin Beaumont, after he found an MS Word document that was used to exploit it. The file name contained the numbers ‘0438’, which is the telephone code for the municipality of Follina in Italy. Follina raised serious concerns among researchers and law enforcement officials, as it is widely used the world over.
On Tuesday, Microsoft published an official update on its website, where it released patches for several vulnerabilities, including Follina. The move was part of Microsoft’s ‘Patch Tuesday’ tradition, where the tech giant releases patches every Tuesday for multiple vulnerabilities and issues with its products.
“Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft stated in its update.
While Follina was only acknowledged on May 31 this year, multiple reports by independent cybersecurity researchers suggest that it has been active since at least October 2021. It was reportedly exploited to target victims in India, Nepal and the Philippines in March 2022, Russia in April and Belarus in May.
Even as the world continues to debate the seriousness of Follina, fresh reports of it being exploited started coming in. Latest research indicates that cybercriminals used Follina to infect target computers with a malware called Qbot. Active for several years, Qbot is a banking trojan specifically programmed to seek and steal the banking credentials of the targets once it is inside their devices.
Microsoft’s own update also confirms that it has “detected exploitation” in the case of Follina.
The vulnerability falls under the Zero Day category, meaning that such vulnerabilities are only discovered when they are exploited and hence, there are zero number of days between their discovery and exploitation.
