Microsoft has issued a workaround for the “Follina” vulnerability in its Microsoft Support Diagnostic Tool (MSDT) in Windows.
On May 30, 2022, Microsoft released guidance for the MSDT remote code execution vulnerability CVE-2022-30190 (CVSS 7.8). A remote, unauthenticated attacker could exploit this vulnerability to take control of an impacted system.
“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights,” Microsoft wrote in the advisory.
Microsoft issued workaround steps to disable MSDT in Windows:
- Run Command Prompt as Administrator.
- To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
- Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
Microsoft added that by disabling the MSDT protocol, troubleshooters can no longer be launched as links throughout the Windows operating system. However, troubleshooters can still be accessed using the ‘Get Help’ application and in system settings as other or additional troubleshooters.
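The workaround steps above can be wrapped in a batch script that refuses to delete the key unless the backup succeeded and then confirms the key is gone. This is an added example, not code from Microsoft or from this article; the backup path is an assumption, and the elevation test uses the common `net session` heuristic.

```batch
@echo off
setlocal
rem Added example: applies the MSDT workaround with safety checks.
rem BACKUP is an assumed location; change it to suit your environment.
set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
set "BACKUP=%SystemDrive%\ms-msdt-backup.reg"

rem Step 1: require elevation. "net session" fails for non-administrators
rem (heuristic; it also fails if the Server service is stopped).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated Command Prompt.
    exit /b 1
)

rem If the key is already absent, the workaround is in place.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present. Workaround already applied.
    exit /b 0
)

rem Step 2: back up the key, never overwriting an earlier backup.
if exist "%BACKUP%" (
    echo Backup file %BACKUP% already exists. Refusing to overwrite it.
    exit /b 1
)
reg export "%KEY%" "%BACKUP%" >nul
if errorlevel 1 (
    echo Export failed. The key was left untouched.
    exit /b 1
)

rem Step 3: delete the key only after the backup is confirmed.
reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo Delete failed. The key is still registered.
    exit /b 1
)

rem Verify that the ms-msdt protocol handler is no longer registered.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %KEY% is still present after deletion.
    exit /b 1
)
echo Workaround applied. Backup saved to %BACKUP%.
echo To restore the key later, run: reg import "%BACKUP%"
exit /b 0
```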
Moreover, Microsoft confirmed that “exploitation was detected” and will update CVE-2022-30190 with more information as it becomes available.