“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights,” explains Microsoft.
At this point, you might be wondering why Microsoft’s Protected View won’t stop the document from opening the link. Well, that’s because the execution could happen even beyond Protected View’s scope. As researcher John Hammond highlighted on Twitter, the link could get executed right from the Explorer’s preview pane as a Rich Text Format (.rtf) file.
According to Ars Technica’s report, researchers at Shadow Chaser Group had brought the vulnerability to Microsoft’s attention as early as April 12. Although Microsoft replied a week later, the company seems to have dismissed it as they couldn’t replicate the same on their end. Nevertheless, the vulnerability is now flagged as a zero-day, and Microsoft recommends disabling the MSDT URL protocol as a workaround to protect your PC from the exploit.
Press the Win key on your keyboard and type “Cmd” or “Command Prompt”. When the result appears, choose “Run as administrator” to open an elevated Command Prompt window.
Before you modify the registry, use the command below to take a backup. This way, you can choose to restore the protocol once Microsoft rolls out an official patch. Here, the file path refers to the location where you want to save the .reg backup file.
You can now run the following command to disable the MSDT URL protocol. If successful, you will see the text “The operation completed successfully” in the Command Prompt window.
To restore the protocol later, you will have to use the registry backup you made in the second step. Run the command below, and you will have access to the MSDT URL protocol again.
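The backup, disable and restore steps above combined into one script, added here as an example; it is not code from the article or from Microsoft. It uses only the built-in `reg query`, `reg export`, `reg delete` and `reg import` subcommands; the registry key and the backup path are passed as arguments because this page does not show them, and the script name is hypothetical.

```bat
@echo off
rem Added example (hypothetical name: msdt-workaround.cmd), not from the article.
rem Usage: msdt-workaround.cmd ACTION "KEY" "BACKUP.reg"
rem   ACTION     disable or restore
rem   KEY        placeholder: registry key of the MSDT URL protocol handler,
rem              taken from Microsoft's workaround guidance (not shown on this page)
rem   BACKUP.reg placeholder: file the backup is written to or read from
setlocal
set "ACTION=%~1"
set "KEY=%~2"
set "BACKUP=%~3"
if "%BACKUP%"=="" goto :usage

rem Common heuristic for elevation: "net session" fails in a non-elevated prompt.
net session >nul 2>&1
if errorlevel 1 (echo Run this from an elevated Command Prompt. & exit /b 1)

if /i "%ACTION%"=="disable" goto :disable
if /i "%ACTION%"=="restore" goto :restore
goto :usage

:disable
rem Nothing to do if the handler key is already gone.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (echo Key not present, protocol already disabled. & exit /b 0)
rem Never overwrite an earlier backup, and never delete without a fresh one.
if exist "%BACKUP%" (echo Refusing to overwrite existing backup "%BACKUP%". & exit /b 1)
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (echo Backup failed, key left untouched. & exit /b 1)
if not exist "%BACKUP%" (echo Backup file missing, key left untouched. & exit /b 1)
reg delete "%KEY%" /f
if errorlevel 1 (echo Delete failed. & exit /b 1)
rem Confirm the key is really gone rather than trusting the exit code alone.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (echo Key still present after delete. & exit /b 1)
echo Protocol handler removed. Backup saved to "%BACKUP%".
exit /b 0

:restore
if not exist "%BACKUP%" (echo Backup "%BACKUP%" not found. & exit /b 1)
reg import "%BACKUP%"
if errorlevel 1 (echo Import failed. & exit /b 1)
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (echo Key not present after import. & exit /b 1)
echo Protocol handler restored.
exit /b 0

:usage
echo Usage: %~nx0 disable^|restore "KEY" "BACKUP.reg"
exit /b 2
```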
Protect Your Windows PC from MSDT Windows Zero-Day Vulnerability