30 Wall St., 8th Fl, New York, NY 10005

Free IT Quote: (646)237-4472


Share on facebook
Share on twitter
Share on linkedin

Microsoft fixes Windows zero-day flaw exploited by hackers


Microsoft has released a fix for ‘Folina’. Folina is a zero-day vulnerability in Windows was exploited by state-backed hackers through poisoned Word documents. A zero-day is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.

The document used a remote template feature in Word to retrieve an HTML file from a remote web server. The file then used Microsoft’s ms-msdt MSProtocol URI Schemeto load more code on the target system and executed some Powershell commands. Situation was worsened when the document didn’t even have to be opened to execute its payload. It will run even if the document is displayed in the preview tab of windows explorer.

Microsoft fixes the flaw

The Follina zero-day was initially flagged to Microsoft on April 12. However, a security researcher who goes by the handle Crazyman and was credited with first reporting the vulnerability said in a tweet that Microsoft initially tagged the flaw as not a “security-related issue”.

There was substantial speculation leading up to Patch Tuesday about whether Microsoft would be releasing patches given Microsoft’s early dismissal of the flaw and its widespread exploitation in the weeks since its public disclosure. Tenable, a cybersecurity firm, discovered and disclosed two vulnerabilities in Microsoft’s Azure Synapse Analytics, one of which has been patched and one which has not. Neither of these vulnerabilities were assigned CVE numbers or documented in Microsoft’s security update guide for June. In addition to mitigating Follina, Microsoft fixed three “critical” remote code execution (RCE) flaws. However, none of these have yet been actively exploited.

Miracle Technologies

Here is a glimpse of Miracle Cyber Security Team expertise including but not limited to the following areas:

• Perimeter protection
• Proven Checkpoint, Cisco, PaloAlto, Sonicwall and Watchguard Firewall platforms
• IPS (Intrusion Prevention Systems) and IDS (Intrusion Detection Systems)
• Comprehensive network vulnerabilities risk assessment
• Penetration testing
• Advanced anti-phishing, anti-malware and anti-virus solutions
• Anti-ransomware solutions
• Hosts and endpoints security
• Data centers security
• Cloud and virtualization security
• Mobile devices security
• IT Security Compliance
• 24/7 proactive security monitoring

About us:

  • Miracle Technologies Inc. platform is built upon years of unmatched experience at AT&T Labs Research and renowned Wall Street MSPs
  • Rated #1 IT Support Company NYC, Managed IT Services Provider, IT Consulting Firm, Cyber Security Provider since 2008
  • Providing services across all 50 states
  • MTI IT professionals save the day, when vendors like Microsoft and Cisco can’t fix their own products. How? The Miracle Sauce?
  • Comprehensive IT and Computer Support Services–vendors management, public and private cloud (AWS, Azure), data centers, backend servers, disaster recovery (DR), business continuity planning (BCP), email, Office 365, networking, cyber security, firewalls, routers, switches, desktops, end users support, 24/7 helpdesk, proactive monitoring, Remote Desktop Services (RDS), Citrix, Multifactor Authentication (MFA), development, wiring, VOIP, printing, office moves–and literally everything related to Enterprise IT Infrastructure
  • Competitive pricing. No one beats us on pricing and quality of service 
  • Fixed Bid, On Demand and Hourly packages to meet every budget and need of the IT infrastructure
  • No project is too big or too small for MTI computer support services team. We may manage your entire IT infrastructure or work as an extension to your IT department
  • Crystal clear transparent pricing. Frill free invoicing 
  • 100% retention
  • Registered NY and NYC MBE

Our IT Support Company NYC portfolio includes the following:

  • Banks, hedge funds, trading floors
  • Data management companies
  • Doctors’ offices, health facilities
  • Accountants
  • Retails stores
  • Schools

You may order your free quotes from NYC MSP Miracle Technologies Inc. here at Free Quote For Comprehensive IT Support Solution  

Leave a Reply