Rampart CIO

MS Follina Vulnerability – A DIY Approach

As you are probably aware, on May 30 Microsoft issued CVE-2022-30190 regarding a vulnerability in the Microsoft Support Diagnostic Tool. This vulnerability carries a base score of 7.8 (HIGH) and the risk for businesses and governments is rated HIGH, regardless of size. It affects all Windows versions starting at Windows 7 SP1 and Server 2008 SP2, and active exploits have been observed in the wild. Almost 2 weeks after issuing the CVE, Microsoft still hasn’t released a patch to resolve the issue, opting instead to provide guidance on how to disable the tool completely.

The process involves backing up a registry key, deleting the key and, hopefully in the future, restoring the key. We are going to walk through those steps.

Start by opening a command prompt using an administrator account that can write to the C drive.

We are going to back up the registry key at HKEY_CLASSES_ROOT\ms-msdt. This example saves the backup file MSDT_backup.reg on the C drive.

To back up the registry key, copy and paste the command below into the command prompt and run it.

reg export HKEY_CLASSES_ROOT\ms-msdt c:\MSDT_backup.reg

When that completes, you should see a message that reads: “The operation completed successfully.”

Now that you’ve successfully backed up the key, let’s delete it.

In the same window, run the command below.

reg delete HKEY_CLASSES_ROOT\ms-msdt /f

Once you see the success message again, you are done. You’ve disabled the Microsoft Support Diagnostic Tool on the system.

Once Microsoft releases an actual fix for the issue, you can run the final command which will restore the deleted key.

reg import c:\MSDT_backup.reg

If you want to go the batch file route, make sure that you test so you aren’t deleting the keys without backing them up first. 
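For the batch file route, here is one way to make the delete conditional on a verified backup. This is an added example, not part of the original post; the exit codes and the :badbackup label are assumptions, while the key and backup path are the ones used above.

```batch
@echo off
rem Added example: delete HKCR\ms-msdt only after a verified backup exists.
setlocal
set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
set "BACKUP=c:\MSDT_backup.reg"

rem If the key is already gone, stop here so nothing is touched.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present, nothing to do.
    exit /b 0
)

rem reg export asks before overwriting, which would stall an unattended run
rem and could replace an earlier good backup. Refuse instead.
if exist "%BACKUP%" (
    echo ERROR: %BACKUP% already exists. Move it before running again.
    exit /b 2
)

reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo ERROR: export failed, key left in place.
    exit /b 3
)

rem Do not trust the exit code alone: the file must exist and be non-empty.
if not exist "%BACKUP%" goto :badbackup
for %%F in ("%BACKUP%") do if %%~zF EQU 0 goto :badbackup

reg delete "%KEY%" /f
if errorlevel 1 (
    echo ERROR: delete failed, backup kept at %BACKUP%.
    exit /b 5
)

rem Confirm the key is really gone before reporting success.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo ERROR: %KEY% is still present after delete.
    exit /b 6
)
echo Done. Restore later with: reg import "%BACKUP%"
exit /b 0

:badbackup
echo ERROR: backup file is missing or empty, key left in place.
exit /b 4
```

Run it from the same administrator command prompt as the manual steps; a non-zero exit code means the key was not deleted or the result could not be confirmed.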

Let me know your thoughts in the comments, especially on whether you think Microsoft should be taking more action to address this issue.
