On this episode of the My TechDecisions podcast, Dustin Childs, senior communications manager at Zero Day Initiative, joins the show to talk about the June 2022 Patch Tuesday and the 60 security bugs Microsoft patched this month.
Among several other bugs Childs says should be patched immediately, Microsoft has fixed Follina, a dangerous remote code execution zero-day in the company’s Windows Support Diagnostic Tool that is being actively exploited.
According to Microsoft, attackers who successfully exploit the bug, tracked as CVE-2022-30190, can run arbitrary code with the privileges of the calling application and can install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
The remote code execution (RCE) vulnerability was first discovered late last month by security researchers. Microsoft advised organizations to disable the MSDT URL Protocol to prevent troubleshooters from being launched as links, including links throughout the operating system, but troubleshooters can still be accessed using the Get Help application and in system settings.
Watch the video above or listen to the podcast via the embedded player below to hear about more patches admins should prioritize.