Client Supported - v23.7, v8.1, v8.2, v8.4, v9.0 OS Supported - Microsoft Windows 11, 10, Windows Server 2019, 2016
“Follina,”as reported in Techcrunch and elsewhere ticks all the wrong boxes and impacts 41 Microsoft products including Windows 11 and Office 365. Huntress research even identified a way to have this execute without the user even having to CLICK anything (hovering over the icon can trigger the exploit!).
The good news is that although there is no official patch – Microsoft have issued an advisory which includes information on a registry key you can delete, to mitigate the risk.
Mitigate the Follina vulnerability by running instruction to take Backup and delete MSDT registry hive HKEY_CLASSES_ROOT\ms-msdt.
This Product Pack contains instructions.
Upload the Product pack either with the help of Tachyon Product Pack Deployment Tool or directly by clicking on Upload button from Instruction set in 1E Platform.
Create an Instruction Set named Follina and move all the instructions from Unassigned Set to this set, unless you use Product Pack Deployment Tool which creates it automatically.
Go to Explorer and search for Backup and delete MSDT registry hive HKEY_CLASSES_ROOT\ms-msdt.
Click Perform this Action.
This will delete HKLM_CLASSES_ROOT\ms-msdt after taking backup.
Backup and delete or restore HKCRms-msdt - used to mitigate the Follina vulnerability, and potentially others. Backup and delete registry to disable the MSDT URL Protocol