An actively exploited Microsoft 0-day flaw still doesn’t have a patch - Ars Technica

An actively exploited Microsoft 0-day flaw still doesn’t have a patch - Ars Technica
Enlarge
mturhanlar | Getty Images

reader comments
21 with 20 posters participating


Share this story





  • Researchers warned last weekend that a flaw in Microsoft's Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Microsoft released guidance on Monday, including temporary defense measures. By Tuesday, the United States Cybersecurity and Infrastructure Security Agency had warned that “a remote, unauthenticated attacker could exploit this vulnerability,” known as Follina, “to take control of an affected system.” But Microsoft would not say when or whether a patch is coming for the vulnerability, even though the company acknowledged that the flaw was being actively exploited by attackers in the wild ..

    Support the originator by clicking the read the rest link below.