“Follina,”as reported in Techcrunch and elsewhere ticks all the wrong boxes and impacts 41 Microsoft products including Windows 11 and Office 365. Huntress research even identified a way to have this execute without the user even having to CLICK anything (hovering over the icon can trigger the exploit!).
The good news is that although there is no official patch – Microsoft have issued an advisory which includes information on a registry key you can delete, to mitigate the risk.

Key Features

  • Mitigate the Follina vulnerability by running instruction to take Backup and delete MSDT registry hive HKEY_CLASSES_ROOT\ms-msdt.


  • This Product Pack contains instructions.
  • Upload the Product pack either with the help of Tachyon Product Pack Deployment Tool or directly by clicking on Upload button from Instruction set in 1E Platform.
  • Create an Instruction Set named Follina and move all the instructions from Unassigned Set to this set, unless you use Product Pack Deployment Tool which creates it automatically.


  • Go to Explorer and search for Backup and delete MSDT registry hive HKEY_CLASSES_ROOT\ms-msdt.
  • Click Perform this Action.
  • This will delete HKLM_CLASSES_ROOT\ms-msdt after taking backup.


Join Our Newsletter

Copyright © 1E 2022 All Rights Reserved

This website is designed for desktop. If using a mobile browser please change to desktop view.