TT-CSIRT-403.01.06.22: Workaround Guidance for MSDT Vulnerability
Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. This vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.
TT-CSIRT strongly encourages administrators to review the following post from Microsoft and apply the necessary workarounds immediately:
TT-CSIRT also strongly recommends that administrators keep endpoint security solutions up-to-date in order to help curb exploitation of this vulnerability.