
Microsoft ‘Follina’ Office Vulnerability: How To Prevent It

Steven Burke, Jay Fitzgerald

Here are the steps Microsoft and MSP security stalwarts Huntress, ThreatLocker, Sophos and Blackpoint Cyber are recommending to MSPs to prevent the Follina zero-day vulnerability from wreaking havoc.

Sophos, Blackpoint Cyber Recommend Microsoft Workaround To Stop Follina Threat

Security software provider Sophos is recommending that MSPs and users follow Microsoft’s recommendation to disable the MSDT URL protocol.

“A workaround that was quickly agreed upon in the community, and has since been officially endorsed by Microsoft, is simply to break the relationship between ms-msdt: URLs and the MSDT utility,” wrote Sophos Principal Research Scientist Paul Ducklin in a blog post. “This means that ms-msdt: URLs no longer have any special significance, and can’t be used to force MSDT.EXE to run.”

MSPs that discover they cannot “live without” MSDT URLs can always replace the missing registry data later, wrote Ducklin.

“Just for the record, we’ve never even seen an ms-msdt URL before, let alone relied on one, so we had no hesitation in deleting this registry setting on our own Windows computer,” wrote Ducklin.
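The workaround described above, sketched as a PowerShell script for an elevated session. This is an added example, not code from Microsoft, Sophos or the article; it assumes the handler lives at HKEY_CLASSES_ROOT\ms-msdt as in Microsoft's published guidance, and the backup file location is an arbitrary choice.

```powershell
# Added example: back up and remove the ms-msdt: URL protocol handler.
# Assumption: the handler is registered at HKEY_CLASSES_ROOT\ms-msdt.
# Assumption: the backup location under ProgramData is an arbitrary choice.
$keyForReg = 'HKEY_CLASSES_ROOT\ms-msdt'             # form used by reg.exe
$keyForPS  = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'   # same key, provider form
$backup    = Join-Path $env:ProgramData "ms-msdt-backup-$env:COMPUTERNAME.reg"

# Deleting under HKEY_CLASSES_ROOT needs administrative rights.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    throw 'Run this script from an elevated PowerShell session.'
}

if (-not (Test-Path -LiteralPath $keyForPS)) {
    Write-Output 'ms-msdt handler is not registered; nothing to change.'
    return
}

# 1. Export first, so the handler can be restored later if it turns out
#    to be needed:  reg import <backup file>
& reg.exe export $keyForReg $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Backup of $keyForReg failed; the key was left untouched."
}

# 2. Remove the handler so ms-msdt: URLs no longer launch MSDT.EXE.
& reg.exe delete $keyForReg /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Could not delete $keyForReg (reg.exe exit code $LASTEXITCODE)."
}

# 3. Verify the key is really gone before reporting success.
if (Test-Path -LiteralPath $keyForPS) {
    throw "$keyForReg is still present after deletion."
}
Write-Output "ms-msdt handler removed. Backup saved to $backup"
```

Keeping the exported .reg file is what makes the change reversible: importing it restores the registry data Ducklin refers to.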

Blackpoint Cyber in a Twitter post also pointed MSPs to the Microsoft workaround.

In a follow-up tweet, Blackpoint Cyber said the vulnerability impacted Microsoft Office versions 2013, 2016, 2019 and 2021 as well as Professional Plus versions of Office. “We urge partner to review the workaround,” tweeted Blackpoint Cyber.

