Security News > 2022 > June > Windows MSDT zero-day vulnerability gets free unofficial patch
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.
The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution flaw, impacts all Windows versions still receiving security updates.
Attackers who successfully exploit this zero-day can execute arbitrary code with the privileges of the calling app to install programs, view, change, or delete data, or create new Windows accounts as allowed by the user's rights.
It would be best to toggle off the Preview pane in Windows Explorer to remove it as an additional attack vector exploitable when previewing malicious documents.
Windows Server 2008 R2. Instead of disabling the MSDT URL protocol handler, 0patch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the OS for all applications.
CISA has also urged Windows admins and users to disable the MSDT protocol after Microsoft reported active exploitation of the vulnerability in the wild.
News URL
Related news
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Don't want your Kubernetes Windows nodes hijacked? Patch this hole now (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |