Background

We have been following one of YouTube’s IT security channels, and they mentioned Zero Day in relation to Microsoft Office (Follina). After researching this, we found that the vulnerability is actually related to Microsoft Support Diagnostic Tool. The detail of the attack is mentioned on this – https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e

Temporary Solution

According to Microsoft Blog, there is no solution as yet only a workaround – https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

The solution is to block the MSDT protocol to launch the troubleshooter.

To test this, we open a browser and type in:

ms-msdt://

If it launched a pop-up, it means that the hacker/attacker can exploit this.

To disable this, we run a Command Prompt as Administrator.

To back up the registry to C: root drive, we run the command:

reg export HKEY_CLASSES_ROOT\ms-msdt C:\msdt_regkey_backup.reg

To delete the registry, we run the command:

reg delete HKEY_CLASSES_ROOT\ms-msdt /f

At this point, it’s protected until the patch comes in.

To restore the registry, we run the command:

reg import C:\msdt_regkey_backup.reg

The other suggestion will be upon checking the endpoint security provider.

Also, keep checking the update from the Microsoft Security Response Centre.

The End

Congratulation on reaching the end of this article. We hope that we have been able to shed some light on outlining what you need to know to solve the Microsoft Support Diagnostic Tool Vulnerability.

We write this in such a way that this is not a fixed article. Like in this journey, We learn as we go and we re-write some parts of the article so please keep pinging with this article or any general tech posts.

We also would love to hear about how you deal with the situation and what IT-related challenges you might be facing. Please feel free to leave us a comment below this article or you can contact us on the Dewacorp website for your IT support, application integration, application development, or other IT-related. Alternatively, you can casually have a chat on Dewachat. Let us know if you have any questions that we can help with!

Big thank you for the photo by Kevin Paster from Pexels.

If you want to boost your product and service to the wider web community, you can visit our Dewalist classified website – home to 15,000+ active users and 25,000+ active advertising so far. Check it out!

If you love this security article or any security posts and you would like to receive an update of this article or our latest post, please sign up for the form below: