Microsoft fixes bug that let Chinese hackers target Windows users


New Delhi, Jun 16 (IANS): Microsoft has patched a serious Windows bug that allowed China government-backed hackers, who previously targeted the Tibetan government-in-exile based in Dharamshala, to actively exploit it in Microsoft Office to steal and delete users' data.

According to cyber-security firm Proofpoint, the newly-discovered zero-day vulnerability titled 'Follina' in Microsoft Office was being exploited by advanced persistent threat (APT) group 'TA413' linked to the Chinese government.

"Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability," Microsoft said in its latest advisory on Wednesday.

"Customers whose systems are configured to receive automatic updates do not need to take any further action," the company added.

Microsoft has finally released a fix for 'Follina', a zero-day vulnerability in Windows that's being actively exploited by state-backed hackers.

The 'Follina' zero-day vulnerability was initially flagged to Microsoft in April.

'Follina' affected Microsoft Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365.

"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programmes, view, change, or delete data, or create new accounts in the context allowed by the user's rights," alerted the company.

The US Cybersecurity and Infrastructure Security Agency has also asked system administrators to implement Microsoft's guidance for mitigating exploitation.

Chinese hackers have a long history of using software security flaws to target Tibetans.

 

  

Top Stories


Leave a Comment

Title: Microsoft fixes bug that let Chinese hackers target Windows users



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.