Windows Follina Zero-Day Mitigation
Posted: Thu Jun 09, 2022 11:08 am
Despite the fact that the tech news media is making this out to be an MS Office problem, it's more than that. It's a feature built into all versions of Windows and can be exploited even if Office is not installed.
This has been seen in the wild, and can be exploited as a "no-click" attack.
You can read the boring drivel here: https://www.bleepingcomputer.com/news/s ... g-attacks/
But Steve Gibson posted a mitigation published by Microsoft that essentially removes the ms-msdt protocol handler from the registry. No one needs this feature, so it shouldn't break anything.
1. Run Command Prompt as Administrator.
2. Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
3. Reboot
To play safe, back up your registry first, or just the entire HKEY_CLASSES_ROOT\ms-msdt\ entry.
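
The steps above with the backup folded in, as an added example that is not part of the original post: a batch script for an elevated Command Prompt that exports the key, deletes it, and confirms it is gone. The backup path is an assumption; the exported file can be restored later with "reg import".

```batch
@echo off
rem Added example (not from the original post): back up, remove and verify
rem the ms-msdt protocol handler. Run from an elevated Command Prompt.
setlocal

set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
rem Backup location is an assumption; change it to suit.
set "BACKUP=%USERPROFILE%\ms-msdt-backup.reg"

rem "net session" fails without administrator rights.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run as Administrator.
    exit /b 1
)

rem Nothing to do if the handler is already gone.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present; nothing to remove.
    exit /b 0
)

rem Export the key first so it can be restored with: reg import "%BACKUP%"
reg export "%KEY%" "%BACKUP%" /y
if errorlevel 1 (
    echo Backup failed; leaving the registry unchanged.
    exit /b 1
)

reg delete "%KEY%" /f
if errorlevel 1 (
    echo Delete failed.
    exit /b 1
)

rem Confirm the key no longer resolves before reporting success.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %KEY% is still present after delete.
    exit /b 1
)
echo Removed %KEY%. Backup saved to "%BACKUP%". Reboot to finish.
exit /b 0
```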