web analytics
Home » Technology » Follina Vulnerability Fixed via Patch, But Zero Day Vulnerability Remains

Follina Vulnerability Fixed via Patch, But Zero Day Vulnerability Remains

With the new updates for June Patch Day, Microsoft has fixed a number of vulnerabilities for different versions of Windows. After the first analysis, however, it is now clear: that a known zero-day gap is not (yet) being addressed. The unpatched vulnerability is a vulnerability in the Microsoft Diagnostic Tool, which a security researcher named DogWalk. The information about this vulnerability was not made public until early June 2022 – the Security researcher Imre Rad discovered the problem two years ago and reported it to Microsoft.

It wasn’t until another problem with the Microsoft Diagnostic Tool, Follina, surfaced and security authorities raised the alarm that the vulnerability was already being actively exploited, that the DogWalk zero-day vulnerability gained more attention — but not at Microsoft. Follina was fixed as part of patch day, DogWalk was not.

Follina vulnerability Fixed

Microsoft rated Follina as “high” in severity and recommended immediate corrective action. With the June patches, the measures become redundant and the security solution is permanent. Microsoft strongly advises its customers to quickly install the new Windows updates to be fully protected against vulnerability.

Bypass Path Vulnerability

With DogWalk, Microsoft sees things differently. The Windows team had stated that it did not require “immediate action”. No CPU has been assigned yet. DogWalk exploits a path bypass vulnerability that causes a payload to end up in the Windows startup folder. This allows injected malware to run the next time the user logs on to their system normally.