From bleepingcomputer.com
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as ‘Follina.’
The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw, impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).
Attackers who successfully exploit this zero-day can execute arbitrary code with the privileges of the calling app to install programs, view, change, or delete data, or create new Windows accounts as allowed by the user’s rights.