Microsoft’s June Patch Tuesday includes a belated repair for a remote code execution vulnerability named Follina. The vulnerability works when actors send malicious Office files containing a link to a. HTML file that executes code in the Microsoft Support Diagnostic Tool. It works even with macros disabled and when previewing, rather than opening, an Office file. The fix must have been a late addition this month because it was not shown in the breakdown of CVEs for each patch, says Todd Schell, principal product manager at Ivanti.”]
Source: https://www.databreachtoday.com/late-fix-for-follina-on-microsoft-patch-tuesday-a-19353