Testing performed by Sophos confirms that Tuesday’s KB5014699 Windows update neutralizes the Follina exploit, which allowed malicious Microsoft Word files to execute Powershell commands on target systems.
What just happened? A severe Microsoft Office vulnerability has allowed attackers to execute code on target systems that bypass most security measures for at least a month. Researchers say this week’s Patch Tuesday has neutralized the vulnerability that state-backed hackers had exploited. Testing performed by Sophos confirms that Tuesday’s KB5014699 Windows update neutralizes the Follina exploit, which allowed malicious Microsoft Word files to execute Powershell commands on target systems. The exploit affected Office 2013, 2016, 2019, 2021, and some versions of Microsoft 365 on Windows 10 and 11.
