Windows security updates have been causing issues of their own in recent months, but this is one you shouldn’t hold off on installing. Microsoft’s June patch fixes a major bug that can be used to infect all versions of Windows the company still supports.
Known as Follina, the zero-day vulnerability typically uses malicious Word documents to take control of the Microsoft Support Diagnostic Tool (MSDT). The app itself is unable to detect the threat until it’s too late, giving hackers free rein to execute a variety of dangerous commands.
A recent case in Tibet found evidence of Follina being used to install programs, create user accounts and modify data stored on the target device, often without the user’s knowledge. As Bleeping Computer also discovered, it can be expanded to harvest a variety of personal data, from browser passwords to email information.
The vulnerability isn’t limited to Asia, either, with evidence of similar phishing campaigns in the US and Europe. These currently target government agencies, but there’s no reason to suggest they won’t be expanded to include consumer devices.
The issue was first discovered in late May, with Microsoft promptly recommending several workarounds. Two weeks later, the company has released a formal fix that it's urging everyone to install. The update is KB5014699 on Windows 10 and KB5014697 on Windows 11.
To install it, simply head to Settings > Update & Security and click ‘Check for updates’. You may need to clear any outstanding updates for it to appear, but there’s no need to install Windows 11 first if you’re still running Windows 10. Even if you have automatic updates turned on, it’s worth making sure the latest version is installed.
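If you'd rather confirm from a PowerShell prompt than click through Settings, the check below looks for the update number that matches your version of Windows. It is an added example, not something published by Microsoft or the article's sources; the function name and status labels are made up for illustration, and only the two KB numbers come from the article.

```powershell
# Added example: report whether the June update named in the article is installed.
# The KB numbers are the ones quoted in the article; all other names are illustrative.
$KbByOs = @{ 'Windows 10' = 'KB5014699'; 'Windows 11' = 'KB5014697' }

function Test-FollinaUpdate {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # ProductType 1 is a client edition. Windows 11 reports build 22000 or higher,
    # while Windows 10 reports a lower build with a version string starting "10.".
    $family = if ($os.ProductType -ne 1 -or $os.Version -notlike '10.*') { 'Other' }
              elseif ([int]$os.BuildNumber -ge 22000) { 'Windows 11' }
              else { 'Windows 10' }

    $expected  = $KbByOs[$family]          # $null when the article lists no KB for this OS
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue)
    $match     = $installed | Where-Object { $_.HotFixID -eq $expected }

    # Windows updates are cumulative, so a newer monthly update replaces this one.
    # A miss therefore means "look at what is installed", not "definitely unpatched".
    $newest = $installed | Sort-Object InstalledOn -Descending | Select-Object -First 3

    $status = if (-not $expected) { 'NoKbListedForThisOS' }
              elseif ($match)     { 'Installed' }
              else                { 'NotFound-CheckNewestUpdates' }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OS              = $os.Caption
        Build           = $os.BuildNumber
        ExpectedKB      = $expected
        Status          = $status
        NewestInstalled = ($newest | ForEach-Object {
                               '{0} ({1:yyyy-MM-dd})' -f $_.HotFixID, $_.InstalledOn
                           }) -join ', '
    }
}

Test-FollinaUpdate | Format-List
```

A result of `NotFound-CheckNewestUpdates` on a PC that has since received a later monthly update is expected; the `NewestInstalled` line shows what is actually on the machine.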
With several devices already affected by the vulnerability, it’s worth installing the patch as soon as possible to protect vital information from hackers.