Follina Update (CVE-2022-30190): Patch available

Microsoft Office has released patches for the Follina vulnerability CVE-2022-30190 (Follina) with the June 14, 2022 Windows Security Update. Appropriate vulnerability tests have been implemented in the Greenbone Enterprise Feed and the Greenbone Community Feed, allowing you to test your network for the vulnerability and take protective measures using the patches. Read more information about the latest Follina update here.

The vendor refers to the following security updates to close the vulnerability:

  • KB5014678: Windows Server 2022
  • KB5014697: Windows 11
  • KB5014699: Windows 10 Version 20H2 – 21H2, Windows Server 20H2
  • KB5014692: Windows 10 Version 1809 (IoT), Windows Server 2019
  • KB5014702: Windows 10 1607 (LTSC), Windows Server 2016
  • KB5014710: Windows 10 1507 (RTM, LTSC)
  • KB5014738: Monthly Rollup Windows Server 2012 R2, Windows RT 8.1, Windows 8.1
  • KB5014746: Security only Windows Server 2012 R2, Windows RT 8.1, Windows 8.1
  • KB5014747: Monthly Rollup Windows Server 2012
  • KB5014741: Security only Windows Server 2012
  • KB5014748: Monthly Rollup Windows Server 2008 R2, Windows 7 SP1
  • KB5014742: Security only Windows Server 2008 R2, Windows 7 SP1

This means that security updates are available for all versions of Windows Server and Client that are still in support. The vulnerability is rated as “important”, which means that users should install the updates promptly to close the gap.
Microsoft said, “The update for this vulnerability is included in the June 2022 Windows Cumulative Updates, and Microsoft strongly recommends that all customers install the updates to fully protect themselves from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to perform any further actions.”

Installing the June 14 patches is all the more important because attackers and security professionals have already found several ways to exploit the vulnerability, but Microsoft has so far only offered workarounds (see also our blog article).
Greenbone has integrated corresponding vulnerability tests into the Greenbone Community Feed and the Greenbone Enterprise Feed and thus offers the possibility to test the network for this vulnerability and to take protective measures if necessary or to use the new Microsoft patches.