This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest Security Updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007.
The Follina Vulnerability Remains Unpatched
The most important vulnerability to be addressed remains CVE-2022-30190, dubbed the Follina Vulnerability: it was discovered that hosts where apps like Word or Excel call MSDT are susceptible to remote code execution.
Whenever the user interacts with the system, they will be taken to Microsoft’s Support page via a URL protocol. An interceding threat actor has the potential to get local user rights while data is being sent. This would allow the actor to execute malicious arbitrary code on the host computer.
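An added example, not part of the original article: a hunt over process-creation records for MSDT started by Word or Excel, the launch path described above. The record layout (`host`, `image`, `parent_image`) and the sample events are constructed assumptions, not a real log schema.

```python
import json
import ntpath

# Office applications named in the article (Word, Excel), by executable name.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
MSDT_IMAGE = "msdt.exe"


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower() if isinstance(path, str) else ""


def find_office_spawned_msdt(lines):
    """Return the events in which an Office application is the parent of msdt.exe."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        if not isinstance(event, dict):
            continue
        child = image_name(event.get("image"))
        parent = image_name(event.get("parent_image"))
        if child == MSDT_IMAGE and parent in OFFICE_PARENTS:
            hits.append(event)
    return hits


# Constructed sample records (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    r'{"host": "ws-01", "image": "C:\\Windows\\System32\\msdt.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}',
    r'{"host": "ws-02", "image": "C:\\Windows\\System32\\msdt.exe", "parent_image": "C:\\Windows\\explorer.exe"}',
    r'{"host": "ws-03", "image": "C:\\Windows\\System32\\notepad.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}',
    r'{"host": "ws-04", "image": "C:\\Windows\\System32\\MSDT.EXE", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\excel.exe"}',
    "truncated record {",
]

if __name__ == "__main__":
    for hit in find_office_spawned_msdt(SAMPLE_EVENTS):
        print(f'{hit["host"]}: {hit["parent_image"]} -> {hit["image"]}')
```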
In addition, according to Microsoft, successful exploitation would give an attacker the same capabilities as the calling program, such as the ability to remove data, alter data, view data, or create a new account. There is currently no official fix available for the MSDT vulnerability. Microsoft has provided users with a number of different workarounds, which are