File this away under “good news, bad news.”
The bad news is that there’s a new, critical zero-day threat to be concerned about. The threat has been dubbed ‘Follina.’
It is being tracked as CVE-2022-30190 and is being described by Microsoft as an MSDT (Microsoft Windows Support Diagnostic Tool) remote code execution flaw that impacts all version of windows still getting security updates, including Windows 7+ and Server 2008+.
It’s a serious bug that puts your system at risk. Even worse is that Microsoft doesn’t currently have a patch to fix it. Although they have issued a bulletin outlining some mitigation steps you can take to help minimize your risk until an official patch is released.
The good news:
There’s an unofficial patch offered by opatch for Windows 11, v 21H2, Windows 10 (versions 1803 through 21H2), Windows 7 and Windows Server 2008R2.
Microsoft’s mitigation strategies advise disabling the MSDT URL protocol handler to minimize your risk. However, this mini patch provides a means of sanitizing the user-provided path to avoid rendering the Windows Diagnostic stuff inoperable.
Opatch co-founder Mitja Kolsek had this to say about their patch:
“Note that it doesn’t matter which version of Office you have installed, or if you have Office installed at all: the vulnerability could also be exploited through other attack vectors.
That is why we also patched Windows 7, where the ms-msdt: URL handler is not registered at all.”
Best of all is that the only thing you have to do to get this unofficial patch is register for an opatch account and install the opatch agent. Once you run the agent, it will automatically download the patch and apply it for you unless your network has a security policy in place that prevents that.
It’s a good solution offered by a great company and is highly recommended.