A zero-day exploit has been released that will need some attention this week!
First of all, let me explain what a “zero-day exploit” is, in case you don’t know. In the IT world, the term refers to a vulnerability or flaw in software or hardware that becomes known (and exploitable) before the vendor has a fix available, which gives cybercriminals an opportunity to “exploit” the opening well before anyone realizes something is wrong. Zero-day exploits are something to review and get patched (or fix via a workaround) as soon as possible.
I.T. Guru stays in consistent communication with IT industry peers and contacts. Recently, the news of a Microsoft Support Diagnostic Tool (MSDT) vulnerability, known as “Follina,” came across our feeds with an extremely strong warning to get something in place to remediate this threat as soon as possible. Why? Because cybercriminals (so-called “bad actors”) can now exploit MSDT through its URL (weblink) protocol handler when it is invoked from a calling application, such as MS Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights.
In other words, this is a serious vulnerability, and it needs to be addressed manually for now. Microsoft’s Security Response Center published a workaround for the “Follina” vulnerability, tracked as CVE-2022-30190, on Monday, May 30, 2022. You can apply it on your own until Microsoft develops and distributes a patch that fixes the issue permanently. We strongly recommend that you work with your IT provider or the person responsible for maintaining your network to put the following precautions in place:
Workarounds
To disable the MSDT URL Protocol
Disabling the MSDT URL protocol prevents troubleshooters from being launched as links, including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings under other or additional troubleshooters. Follow these steps to disable it:
- Run Command Prompt as Administrator.
- To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
- Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
To undo the workaround
- Run Command Prompt as Administrator.
- To restore the backup registry key you created above, execute the command “reg import filename”.
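The same three reg commands, wrapped in a PowerShell script so the workaround can be applied, verified and reversed from one place. This is an added example written for this post, not I.T. Guru’s own script and not Microsoft’s guidance; the backup file location under ProgramData and the function names are assumptions, and the script must be run from an elevated (Administrator) PowerShell session, just as the manual steps require an elevated Command Prompt.

```powershell
# Added example (not I.T. Guru's script): wraps the page's reg.exe export/delete/import
# commands with a status check and error handling. Backup path below is an assumption.

$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-backup.reg'   # assumed location

# Stop early if the session is not elevated; reg delete on HKCR would fail anyway.
function Assert-Administrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (Administrator) PowerShell session.'
    }
}

# Reports whether the ms-msdt URL protocol handler is still registered, and what it points at.
function Get-MsdtProtocolStatus {
    if (Test-Path $KeyPath) {
        $cmd = Get-ItemProperty -Path "$KeyPath\shell\open\command" -ErrorAction SilentlyContinue
        [pscustomobject]@{ Registered = $true;  Handler = $cmd.'(default)' }
    } else {
        [pscustomobject]@{ Registered = $false; Handler = $null }
    }
}

# The workaround: back the key up first, and only delete it if the backup succeeded.
function Disable-MsdtProtocol {
    Assert-Administrator
    if (-not (Test-Path $KeyPath)) {
        Write-Output 'ms-msdt key not present; nothing to do.'
        return
    }
    reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed (exit code $LASTEXITCODE); key left in place." }
    reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Delete failed (exit code $LASTEXITCODE)." }
    Write-Output "ms-msdt protocol disabled; backup saved to $BackupFile"
}

# Undo: re-import the backup taken by Disable-MsdtProtocol (for use once a patch is installed).
function Restore-MsdtProtocol {
    Assert-Administrator
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Import failed (exit code $LASTEXITCODE)." }
    Write-Output 'ms-msdt protocol restored from backup.'
}

# Example run: show the handler, apply the workaround, confirm the key is gone.
Get-MsdtProtocolStatus
Disable-MsdtProtocol
Get-MsdtProtocolStatus
```

Run Get-MsdtProtocolStatus on its own to audit a machine without changing anything; Registered = $false after Disable-MsdtProtocol confirms the workaround took effect, and the .reg backup it writes is the file you hand to Restore-MsdtProtocol later.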
If you are a client of I.T. Guru, we will be developing a script that will run all this in the background against all managed machines.
If you are in need of assistance in assuring your veterinary clinic or hospital is protected, I.T. Guru can complete a Security Assessment to ensure this and the many other layers of necessary protection are in place in your practice. Learn more about them here, and reach out to contact us for a complimentary 20-minute consultation here.