Microsoft Urges its Users to Update their Systems Urgently
Vulnerabilities are security flaws that can be dangerous for devices and can let hackers gain access to personal information. According to security researchers, one such flaw has been found in Microsoft Windows. As per a report by Bleeping Computer, the vulnerability, named ‘Follina’, was publicly disclosed last month by security researchers. Microsoft has acknowledged the flaw and has now released a Windows security fix for the vulnerability, which has been actively exploited by hackers.
The vulnerability that Microsoft's fix addresses permits attackers to hack Windows PCs using a maliciously crafted Microsoft Word document. The security update has been made available to users on Windows 7 and later. Microsoft has urged users to install the update 'as soon as possible' to keep attackers from gaining access to their systems.
Microsoft has stated that hackers who exploit the vulnerability will be able to install programs, view, change, or delete information, or create new accounts within the context allowed by the user’s rights. The flaw gives hackers access to the Microsoft Support Diagnostic Tool (MSDT), which is tied to commonly used programs like Office and Word. If hackers gain access, they could tamper with any information on the device.
“Microsoft recommends installing the updates as soon as possible,” the company noted.
Therefore, those running Windows 7 or higher are advised to update at the earliest, without delay. These users can install the update by going to Settings. Users who have opted for automatic updates are not required to do so, as their systems will be updated automatically. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” Microsoft said.
As reported last month, the security problem, tracked as CVE-2022-30190, was disclosed on Twitter by the Tokyo-based cyber-security research team Nao_sec. Initially, it appeared to impact Microsoft Office, though Microsoft acknowledged that the flaw was associated with the Microsoft Support Diagnostic Tool (MSDT), which comes preloaded on Windows.
It is believed that attackers would be able to exploit the vulnerability by executing PowerShell commands and eventually gain control of MSDT.
Soon after it became public, the severe vulnerability was found to be exploited by China-based hackers using malicious Word documents sent to Tibetan users. Once the documents are accessed, the attackers would be able to leverage the exploit to gain MSDT access and run tasks that include the installation of multiple programs or the creation of new user accounts.
As reported by Bleeping Computer, the newest update does not prevent Microsoft Office from loading Windows URL handlers without user interaction. It does, however, limit attackers' ability to take control of MSDT by executing PowerShell commands.
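Since the update leaves Office able to invoke URL handlers, defenders can still watch for MSDT (msdt.exe) being started from an Office process. The sketch below is an added example, not code from Microsoft or Bleeping Computer; the JSON log format, field names, Office process list and sample events are constructed assumptions.

```python
import json
from ntpath import basename  # parses Windows paths on any platform

# Office executables treated as suspicious ancestors (assumed list).
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events, one JSON object per line.
SAMPLE_LOG = r'''
{"pid": 1000, "ppid": 500, "image": "C:\\Windows\\explorer.exe"}
{"pid": 2000, "ppid": 1000, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"pid": 2100, "ppid": 2000, "image": "C:\\Windows\\System32\\msdt.exe"}
{"pid": 3000, "ppid": 1000, "image": "C:\\Windows\\System32\\msdt.exe"}
{"pid": 4000, "ppid": 1000, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"pid": 4100, "ppid": 4000, "image": "C:\\Windows\\System32\\cmd.exe"}
this line is not JSON and must be skipped
{"pid": 4200, "ppid": 4100, "image": "C:\\Windows\\System32\\msdt.exe"}
'''

def find_office_msdt(log_text):
    """Return msdt.exe launches that have an Office process as an ancestor."""
    procs, findings = {}, []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            pid, ppid = int(ev["pid"]), int(ev["ppid"])
            name = basename(ev["image"]).lower()
        except (ValueError, KeyError, TypeError):
            continue  # blank, malformed or incomplete record
        procs[pid] = (ppid, name)  # PID reuse is ignored in this sketch
        if name != "msdt.exe":
            continue
        # Walk up the parent chain; 'seen' guards against loops in bad data.
        chain, cur, seen = [name], ppid, {pid}
        while cur in procs and cur not in seen:
            seen.add(cur)
            cur_ppid, cur_name = procs[cur]
            chain.append(cur_name)
            if cur_name in OFFICE:
                findings.append({"pid": pid, "chain": chain[::-1]})
                break
            cur = cur_ppid
    return findings

if __name__ == "__main__":
    for hit in find_office_msdt(SAMPLE_LOG):
        print(hit["pid"], " -> ".join(hit["chain"]))
```

The msdt.exe started from explorer.exe is not reported, while the one reached through cmd.exe is, because the walk covers indirect ancestors as well as the direct parent.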
The security update is available to all users who have a system running Windows 7 or later. Windows 10 versions have received it as KB5014699, whereas the update is available as KB5014697 on Windows 11 systems.
The report says that the first hint of the security vulnerability was noticed in April 2022.