Microsoft Support Diagnostic Tool exploited in the wild, unofficial patch released

Windows users who want to lower the risk of their systems being exploited by attackers can disable the Microsoft Support Diagnostic Tool URL Protocol.

Last week, security researchers discovered that attackers were actively exploiting a Microsoft Support Diagnostic Tool vulnerability to execute arbitrary PowerShell commands.

The flaw lets malicious actors run code with the privileges of the calling application, which could allow them to view, change, and delete data, install programs, and create new accounts.

This exploit affects all Windows versions still receiving security updates, BleepingComputer reported.

Security researcher Kevin Beaumont dubbed the vulnerability “Follina” because the sample file references 0438, the area code of Follina in Italy.

It is tracked under the common vulnerabilities and exposures (CVE) code CVE-2022-30190.

Follina received a common vulnerability scoring system severity rating of 7.8 out of 10, making it a critical flaw that should be mitigated as soon as possible.

Attackers have been using Word documents sent via email to run malicious code via the MSDT protocol.

Beaumont said attackers could bypass Microsoft Office’s Protected View feature by converting the document to Rich Text Format.

Users don’t need to open RTF documents for their system to be infected — the malicious code runs even if targets only preview the file in Explorer.

Although Microsoft has not yet released an official patch for Follina, the company gave workarounds on its Microsoft Security Response Center blog.

The workarounds involve disabling the Microsoft Support Diagnostic Tool (MSDT) URL Protocol.
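
The workaround can be scripted for an elevated PowerShell session. The following is an added example, not code from Microsoft or from the original article; it assumes the MSDT protocol handler is registered under `HKEY_CLASSES_ROOT\ms-msdt`, and the function name and default backup path are hypothetical.

```powershell
#Requires -Version 5.1
# Added example: back up and remove the MSDT URL protocol handler.
# Assumption: the handler is registered under HKEY_CLASSES_ROOT\ms-msdt.
function Disable-MsdtUrlProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical default backup location; choose a path you control.
        [string]$BackupPath = (Join-Path $env:ProgramData 'ms-msdt-backup.reg')
    )

    $regKey = 'HKEY_CLASSES_ROOT\ms-msdt'
    $psKey  = "Registry::$regKey"

    # Deleting from HKEY_CLASSES_ROOT needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    if (-not (Test-Path -LiteralPath $psKey)) {
        Write-Output "$regKey is not present; the handler is already disabled."
        return
    }

    if ($PSCmdlet.ShouldProcess($regKey, "Back up to $BackupPath and delete")) {
        # Export first so the handler can be restored once an official fix is installed.
        & reg.exe export $regKey $BackupPath /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath)) {
            throw "Backup failed; $regKey was left untouched."
        }

        # Remove the handler so ms-msdt links no longer launch the tool.
        & reg.exe delete $regKey /f | Out-Null
        if ($LASTEXITCODE -ne 0 -or (Test-Path -LiteralPath $psKey)) {
            throw "Could not delete $regKey."
        }
        Write-Output "Removed $regKey. Restore later with: reg.exe import `"$BackupPath`""
    }
}

Disable-MsdtUrlProtocol -WhatIf   # dry run; drop -WhatIf to apply
```

Keep the exported `.reg` file: importing it is how the handler is restored after an official fix has been applied.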

For users who want to go a step beyond mitigation, 0patch has released unofficial micropatches for specific versions of Windows.

