"Follina" Microsoft Support Diagnostic Tool Vulnerability

Published on 01 Jun 2022

Updated on 01 Jun 2022

Microsoft has released a security notice regarding a remote code execution vulnerability (CVE-2022-30190) in Microsoft Support Diagnostic Tool (MSDT). There are reports of the vulnerability being exploited in the wild.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code with the privileges of the calling application. It also enables the attacker to install programs, view, change, delete data, or create new accounts in the context allowed by the user's rights.

The patch for this vulnerability is not available yet. In the meantime, users and administrators are advised to disable the MSDT URL protocol. Please refer to the workaround and detection steps published by Microsoft here.


References:

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug