Microsoft ‘Follina’ Office Vulnerability: How To Prevent It
Steven Burke, Jay Fitzgerald
Here are the steps Microsoft and MSP security stalwarts Huntress, ThreatLocker, Sophos and Blackpoint Cyber are recommending to MSPs to prevent the Follina zero-day vulnerability from wreaking havoc.
Microsoft: Disable The MSDT URL Protocol
Microsoft recommends disabling the MSDT URL protocol, which prevents “troubleshooters being launched as links including links throughout the operating system.” Here are the three steps Microsoft recommends:
1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”
3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”
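For MSPs applying the three steps across many endpoints, the following PowerShell script is an added example, not code from Microsoft or from this article. It wraps the same two reg commands with an elevation check, a guard so the key is never deleted without a successful backup, and a final verification. The backup directory and file name are assumptions.

```powershell
# Added example: applies the three steps above to one endpoint.
# $BackupDir and the backup file name are assumed; adjust for your environment.
$Key        = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupDir  = Join-Path $env:ProgramData 'ms-msdt-backup'              # assumption
$BackupFile = Join-Path $BackupDir "ms-msdt-$env:COMPUTERNAME.reg"     # assumption

# Step 1: the registry change needs an elevated (Administrator) session.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script from an elevated (Administrator) session.'
    exit 1
}

# Nothing to do if the ms-msdt protocol handler is already absent.
if (-not (Test-Path -LiteralPath "Registry::$Key")) {
    Write-Output "$Key not present; MSDT URL protocol is already disabled."
    exit 0
}

# Step 2: back up the key. Stop here on failure so the delete never runs
# without a usable backup on disk.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
& reg.exe export $Key $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
    Write-Error "Backup of $Key failed; the key was left in place."
    exit 1
}

# Step 3: delete the key, which disables the MSDT URL protocol.
& reg.exe delete $Key /f | Out-Null

# Verify the result instead of trusting the exit code alone.
if (Test-Path -LiteralPath "Registry::$Key") {
    Write-Error "$Key still exists after the delete attempt."
    exit 1
}
Write-Output "MSDT URL protocol disabled; backup saved to $BackupFile"
```

The saved .reg file can be loaded again with reg import if the key needs to be restored later.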
Microsoft also recommends that MSPs or customers with Microsoft Defender Antivirus “turn on cloud delivered protection and automatic sample submission.” That provides “artificial intelligence and machine learning” capabilities aimed at stopping new and unknown threats.
Microsoft said that if the attack is launched from a Microsoft Office application, Microsoft Office by default “opens documents from the internet in Protected View or Application Guard for Office, both of which prevent the current attack.”