Microsoft has patched a Windows bug that Chinese government-backed hackers were able to exploit through Microsoft Office to steal and delete users’ data.
The zero-day vulnerability, dubbed Follina, was being exploited in Microsoft Office by the advanced persistent threat (APT) group TA413, which is linked to the Chinese government, according to cyber-security firm Proofpoint.
In its advisory, Microsoft recommends that customers install the updates to be protected from the cyber-security issue.
Microsoft said customers whose systems are configured to receive automatic updates do not need to take any further action.
Microsoft has released a fix for Follina, a zero-day vulnerability in Windows that’s being exploited by state-backed hackers.
The Follina zero-day vulnerability was initially flagged to Microsoft in April.
Follina affected Microsoft Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365.
Microsoft said an attacker who exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
The US Cybersecurity and Infrastructure Security Agency has asked system administrators to implement Microsoft’s guidance for mitigating exploitation.