Follina zero-day vulnerability in Microsoft Office

MSDT 0-Day Follina CVE-2022-30190

Follina is a 0-day RCE vulnerability found in MSDT (the Microsoft Support Diagnostic Tool). An attacker can use it to run any malicious program, or a reverse shell, on the targeted system, which leads to full control of that system.

What is MSDT?

The Microsoft Support Diagnostic Tool collects information to send to Microsoft Support. You can think of it as a troubleshooter: Microsoft Support then analyzes this information and uses it to determine the resolution to the problem that you may be experiencing on your computer.

Vulnerability in MSDT

Microsoft has acknowledged a 0-day RCE (remote code execution) vulnerability in MSDT that is triggered when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this issue can run harmful code with the privileges of the calling application. The attacker can then do anything on the system that the user's rights allow.

The vulnerability works on all of these Microsoft Office versions: 7, 13, 16, 19, 21.

Microsoft has also given guidance for staying safe from this vulnerability. This issue has not yet been successfully patched.


Disabling the MSDT URL Protocol

Because this vulnerability uses the URL protocol, you can disable that protocol with the commands listed below:
  1. Run Command Prompt as Administrator.

  2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”

  3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

Revert Back the Changes

  1. Run Command Prompt as Administrator.

  2. To restore the registry key, execute the command “reg import filename” 
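
The workaround and its revert can be wrapped in one PowerShell script that refuses to delete the key unless the backup succeeded and confirms the result afterwards. This is an added example, not part of the original post or Microsoft's guidance; the -Restore switch and the default backup path are assumptions.

```powershell
# Added example: apply or revert the ms-msdt workaround with safety checks.
# $BackupPath is an assumed location; change it to suit your environment.
param(
    [switch]$Restore,
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg"
)

$Key = 'HKEY_CLASSES_ROOT\ms-msdt'

# reg.exe needs an elevated session to change HKEY_CLASSES_ROOT.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# "reg query" exits with 0 when the key exists and non-zero when it does not.
function Test-MsdtHandler {
    & reg.exe query $Key *> $null
    return ($LASTEXITCODE -eq 0)
}

if ($Restore) {
    if (-not (Test-Path -LiteralPath $BackupPath)) { throw "Backup not found: $BackupPath" }
    & reg.exe import $BackupPath
    if ($LASTEXITCODE -ne 0) { throw 'reg import failed.' }
    Write-Output 'ms-msdt protocol handler restored.'
    return
}

if (-not (Test-MsdtHandler)) {
    Write-Output 'ms-msdt handler is already absent; nothing to do.'
    return
}

# Back up first, and refuse to delete unless the backup file really exists.
& reg.exe export $Key $BackupPath /y
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath) -or
    (Get-Item -LiteralPath $BackupPath).Length -eq 0) {
    throw 'Backup failed; the registry key was left untouched.'
}

& reg.exe delete $Key /f
if ($LASTEXITCODE -ne 0) { throw 'reg delete failed.' }

# Confirm the handler is gone so the result can be logged or audited.
if (Test-MsdtHandler) { throw 'ms-msdt key is still present after delete.' }
Write-Output "ms-msdt handler removed. Backup saved to $BackupPath"
```

Run the script without arguments to apply the workaround, and with -Restore to import the saved key again.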

Microsoft Defender Detections & Protections

If you are using Microsoft Defender Antivirus, you should turn on cloud-delivered protection and automatic sample submission, as it is capable of quickly identifying and stopping new and unknown threats.

Protecting yourself from Follina

Below are some tips that you can follow to stay safe from Follina:
  1. Try not to open any Microsoft Office files until the patch comes, especially if they come from an unknown source.

  2. If you use an antivirus, keep your virus definitions updated.

Conclusion

So, that is the information about the Follina 0-day RCE vulnerability, which is based on the URL protocol.

Stay Tuned ✌✌
