IT Professionals:
On May 30th, Microsoft issued CVE-2022-30190, codenamed Follina, regarding a zero-day exploit found in the Microsoft Support Diagnostic Tool (MSDT). An attacker who successfully exploits this vulnerability can remotely run arbitrary code to install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. This exploit can be activated using either Microsoft Office applications or non-Office applications. This is NOT a Visual Basic for Applications (VBA) Macro exploit, so you are NOT protected by simply having macros disabled.
There is no known patch at the time of sending this notice. In response to this vulnerability, the University Information Security Office (UISO) has created a Group Policy Object (GPO) that applies a workaround by deleting the affected registry key. The UISO asks that you link the GPO “IU-UISO-CVE-2022-30190-Follina-Mitigation” to the OUs where your computer objects are stored. Please note that this GPO does not back up your registry key(s), so we recommend running the following PowerShell command on at least one workstation before the GPO applies, should you wish to revert the change in the future: “reg export HKEY_CLASSES_ROOT\ms-msdt <path-to-backup-location>\ms-msdt.bak.reg”
For more information about the exploit and the workaround, please see guidance [1] from the Microsoft Security Response Center.
–IT Community Partnerships on behalf of the University Information Security Office
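
The backup step above, as an added example that is not part of the original notice or the UISO's GPO: it exports the key, checks that the export actually contains it, and reports whether the workaround is already in effect on the workstation. The backup directory and the function name Test-MsdtHandlerPresent are assumptions made for illustration.

```powershell
# Added example: back up the ms-msdt protocol handler key and report mitigation state.
param(
    # Assumed backup location, not taken from the notice; change it to suit your environment.
    [string]$BackupDir = "$env:SystemDrive\RegBackup"
)

$KeyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $BackupDir 'ms-msdt.bak.reg'

function Test-MsdtHandlerPresent {
    # Hypothetical helper: reg.exe exits with 0 when the key exists and 1 when it does not.
    & reg.exe query $KeyPath *> $null
    return ($LASTEXITCODE -eq 0)
}

if (Test-MsdtHandlerPresent) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # /y overwrites an older export without prompting.
    & reg.exe export $KeyPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg export failed with exit code $LASTEXITCODE"
    }

    # Confirm the export is usable before the GPO deletes the key.
    $content = Get-Content -Path $BackupFile -Raw
    if ($content -notmatch [regex]::Escape("[$KeyPath]")) {
        throw "Backup at $BackupFile does not contain [$KeyPath]"
    }
    Write-Output "Backup written to $BackupFile. Key is still present: workaround not yet applied."
}
else {
    Write-Output "Key $KeyPath is absent on $env:COMPUTERNAME: workaround already applied."
    if (-not (Test-Path $BackupFile)) {
        Write-Warning "No backup at $BackupFile. Export the key from a workstation that still has it."
    }
}

# To revert later, import the saved file:
#   reg import <path-to-backup-location>\ms-msdt.bak.reg
```

Run it on a workstation before the GPO is linked to its OU; once the key has been deleted there is nothing left to export on that machine.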