Daily Archives: May 31, 2022

  • Zero day in office – but don’t panic

    Microsoft Releases Workaround Guidance for MSDT “Follina”; Vulnerability

    05/31/2022 11:11 AM EDT

    Original release date: May 31, 2022

    Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

    CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.


    Here at Askwoody we are a bit more savvy.  WE DON’T OPEN THINGS WE AREN’T EXPECTING.  That said if you do want to proactively protect yourself ….

    Group policy fix – Just disable “Troubleshooting wizards” by GPO  see the location here:

    Registry fix:

    click on the search box, type in cmd

    Right mouse click on cmd in the menu bar to RUN AS ADMIN

    type in reg delete HKEY_CLASSES_ROOT\ms-msdt /f

    Click enter

    If you want to restore it back:

    This registry key will restore the troubleshooting wizard – link here

    Click on the downloads, double click to launch, follow the slightly scary instructions to import the registry key back in.

    =================

    Update 6/1/2022

    Now the URI for Search is being abused.

    Once again if you want to proactively protect yourself

    Run Command Prompt as Administrator.

    Execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”

    If you want to restore it back, click here