Security News > 2022 > June > Windows MSDT zero-day vulnerability gets free unofficial patch
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.
The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool remote code execution flaw, impacts all Windows versions still receiving security updates.
Attackers who successfully exploit this zero-day can execute arbitrary code with the privileges of the calling app to install programs, view, change, or delete data, or create new Windows accounts as allowed by the user's rights.
It would be best to toggle off the Preview pane in Windows Explorer to remove it as an additional attack vector exploitable when previewing malicious documents.
Windows Server 2008 R2. Instead of disabling the MSDT URL protocol handler, 0patch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the OS for all applications.
CISA has also urged Windows admins and users to disable the MSDT protocol after Microsoft reported active exploitation of the vulnerability in the wild.
News URL
Related news
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |