June’s Patch Tuesday includes a belated repair for a remote code execution vulnerability named Follina. The vulnerability works when actors send malicious Office files containing a link to a Word document that executes code in the Microsoft Support Diagnostic Tool. The bug works even with macros disabled and when previewing, rather than opening, an Office file. Microsoft’s solution was to have system administrators disable the tool’s ability to retrieve webpages. The fixes address vulnerabilities such as privilege escalation, remote codeexecution, spoofing, denial of service, security feature bypass.”]
Source: https://www.careersinfosecurity.com/late-fix-for-follina-on-microsoft-patch-tuesday-a-19353