FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
Credit to Author: Threat Intelligence Team| Date: Wed, 01 Jun 2022 16:36:44 +0000
On Monday May 30, 2022, Microsoft issued CVE-2022-30190, a new vulnerability ‘Follina’ already being exploited in the wild (zero-day) via malicious Word documents.
Q: What exactly is Follina?
A: Follina is the nickname given to a new vulnerability discovered as a zero-day and identified as CVE-2022-30190. In technical terms it is a Remote Code Execution Vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT).
Q: But what does it mean, and is this a serious vulnerability?
A: An attacker can send you a malicious Office document containing this vulnerability and compromise your machine with malware. It is serious since it is already actively being exploited in the wild.
Q: How can I protect my devices from Follina?
A: While waiting for an official patch from Microsoft, the best mitigation consists of disabling the MSDT URL Protocol.
- Run the Command Prompt as Administrator.
- To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOTms-msdt filename“
- Execute the command “reg delete HKEY_CLASSES_ROOTms-msdt /f”.
Q: Does Malwarebytes protect from Follina?
A: Yes, it does. Please see additional steps below based on your product to ensure you are protected.
How to add protection for Malwarebytes Premium (Consumer)
Follow the instructions below to add sdiagnhost.exe as a new protected application.
How to add protection on Malwarebytes Nebula (Enterprise)
Follow the instructions below to add sdiagnhost.exe as a new protected application.
The post FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day appeared first on Malwarebytes Labs.