From itsecurityguru.org
Microsoft issued its last regular patch update round this week, fixing over 50 CVEs, including the malicious zero-day bug “Follina.”
Officially named CVE-2022-30190, Follina, as reported last week, is being exploited in the wild by state-backed actors and the operators behind Qakbot, which has links to ransomware groups. It’s a remote code execution (RCE) bug affecting the popular utility Windows Support Diagnostic Tool (MSDT).
As well as patching Follina, Microsoft patched three other critical vulnerabilities this month.