Microsoft has released workaround guidance to address a critical zero-day vulnerability — CVE-2022-30190, known as “Follina.” This affects the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.
Innovative Computing Systems Managed Services clients who have all workstations and servers monitored have already been protected from this vulnerability.
If you are not a Managed Services client or if there are machines in your environment not being monitored, we are unable to apply the recommended workaround. As of 6/3/2022, Microsoft has not released a patch to address the issue and manual edits to your systems must be made to mitigate the vulnerability. To enable the workaround for your firm, visit Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability.
If you would like information on how to become a Managed Services client or want to add unmonitored devices to your current agreement, please contact an Innovative Account Executive at [email protected] or 1-800-541-0450.