Our response to the zero-day “Follina” vulnerability
On Monday, May 30, 2022, Microsoft disclosed CVE-2022-30190, a zero-day remote code execution (RCE) vulnerability dubbed “Follina”, affecting Microsoft Office products.
Zero-day means no patch is available yet, so our InfoSec department here at COMPTEC I.T acted quickly and worked overnight to provide a response for our clientele and partner network.
Once we got them covered, we decided to contribute to the worldwide I.T community and make our scripts publicly available.
The first script, BackupandRemove-ms-msdt, follows Microsoft’s workaround to disable the MSDT URL protocol: it backs up and then deletes the “HKEY_CLASSES_ROOT\ms-msdt” Registry key, so that an Office document can no longer launch the Microsoft Support Diagnostic Tool through an ms-msdt: link.
The second script, DisableScriptedDiagnostics, creates a Registry key which prohibits users from accessing or running the troubleshooting tools from the Control Panel. You can read more on this here.
The scripts have been tested on Windows Server 2012 R2 through Windows Server 2019 and on Windows 10/Windows 11 releases, and can be deployed through Active Directory Group Policy Management, Microsoft Endpoint Manager (Intune MDM), or any other third-party software that can push scripts across an environment.
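To illustrate what the two scripts do, here is an added PowerShell example (not COMPTEC's published scripts) that applies both mitigations on one host: it backs up and removes the ms-msdt protocol key, then sets the ScriptedDiagnostics policy value that the "Allow users to access and run Troubleshooting Wizards" Group Policy writes. The backup directory and file name are assumptions of this example; run it elevated.

```powershell
# Added example, not the COMPTEC I.T scripts. Requires an elevated session.
# Backup location is an assumption of this example, not from the post.
$BackupDir  = 'C:\ProgramData\FollinaMitigation'
$BackupFile = Join-Path $BackupDir 'ms-msdt.reg'
$MsdtKey    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$null = New-Item -ItemType Directory -Path $BackupDir -Force

# 1) Microsoft's workaround: remove the ms-msdt URL protocol handler,
#    keeping an exported copy so it can be restored once the patch ships.
if (Test-Path $MsdtKey) {
    if (-not (Test-Path $BackupFile)) {
        & reg.exe export 'HKCR\ms-msdt' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Export of HKCR\ms-msdt failed; key left in place."
        }
    }
    Remove-Item -Path $MsdtKey -Recurse -Force
    Write-Output 'ms-msdt protocol handler removed.'
} else {
    Write-Output 'ms-msdt key already absent; nothing to remove.'
}

# 2) Policy that blocks users from running the troubleshooting wizards.
#    EnableDiagnostics = 0 is the value the corresponding GPO setting writes.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
if (-not (Test-Path $PolicyKey)) { $null = New-Item -Path $PolicyKey -Force }
Set-ItemProperty -Path $PolicyKey -Name 'EnableDiagnostics' -Value 0 -Type DWord

# Verification: both conditions should be True after the script completes.
$handlerGone = -not (Test-Path $MsdtKey)
$policySet   = (Get-ItemProperty -Path $PolicyKey -Name 'EnableDiagnostics').EnableDiagnostics -eq 0
Write-Output ("ms-msdt removed: {0}; scripted diagnostics disabled: {1}" -f $handlerGone, $policySet)
```

Once Microsoft's patch is installed, `reg.exe import C:\ProgramData\FollinaMitigation\ms-msdt.reg` restores the handler from the backup, and removing the EnableDiagnostics value re-enables the troubleshooters.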
You can download them both from our GitHub repository.
If you want to spread the word in your network, feel free to share this post!