
Microsoft 'Follina' zero-day vulnerability

Our support will regularly inform you of important events here.

Follina is a vulnerability in the Support Diagnostics Tool that allows remote code execution with the rights of the program that is used to trigger it.


As of yet, there is no official patch available from Microsoft that fixes the vulnerability, but we do know that it is being actively exploited. More details about this vulnerability can be found under CVE-2022-30190.

However, there is a temporary workaround available:

  • First of all, you need to disable the Diagnostics tool URL Protocol via the registry.
  • Microsoft Defender Antivirus (MDAV) users should enable "cloud-delivered protection" & "automatic sample submission".
  • Microsoft Defender for Endpoint (MDE) users can also enjoy additional protection with the following setting: "Block all Office applications from creating child processes".
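
The three items above can be checked and applied from an elevated PowerShell session. This script is an added example, not part of the original advisory: the registry key and the attack surface reduction rule ID are taken from Microsoft's published guidance rather than from this page, and the backup path is an assumption.

```powershell
# Added example: audit, and with -Apply enforce, the three workaround items.
# Run from an elevated PowerShell session on a host with Microsoft Defender.
param(
    [switch]$Apply,
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg"  # assumed path
)

$MsdtKey = 'HKEY_CLASSES_ROOT\ms-msdt'              # MSDT URL protocol handler
$AsrRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # Block Office child processes

function Get-WorkaroundState {
    $pref = Get-MpPreference
    # Rule ids and actions are parallel arrays; action 1 means Block
    $action = $null
    $ids = @($pref.AttackSurfaceReductionRules_Ids)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $AsrRule) { $action = @($pref.AttackSurfaceReductionRules_Actions)[$i] }
    }
    [pscustomobject]@{
        MsdtProtocolRemoved = -not (Test-Path -LiteralPath "Registry::$MsdtKey")
        CloudProtection     = $pref.MAPSReporting -ne 0           # 0 = disabled
        AutoSampleSubmit    = $pref.SubmitSamplesConsent -in 1, 3 # 1 = safe, 3 = all samples
        AsrOfficeChildBlock = $action -eq 1
    }
}

$state = Get-WorkaroundState
if ($Apply) {
    if (-not $state.MsdtProtocolRemoved) {
        # Export first so the key can be restored once a patch is installed
        reg.exe export $MsdtKey $BackupPath /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $MsdtKey failed; key not deleted." }
        reg.exe delete $MsdtKey /f | Out-Null
    }
    if (-not ($state.CloudProtection -and $state.AutoSampleSubmit)) {
        Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    }
    if (-not $state.AsrOfficeChildBlock) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRule `
                         -AttackSurfaceReductionRules_Actions Enabled
    }
    $state = Get-WorkaroundState   # re-read to confirm the changes took effect
}
$state
```

Without `-Apply` the script only reports the current state. The exported key can be restored later with `reg import` on the backup file.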

Of course, we are monitoring this situation closely and will switch as soon as a patch becomes available.

If you wish to engage our expertise to apply the workaround, do not hesitate to contact your Account Manager.
