Crypto User: Beware of the MSDT Zero Day Vulnerability

There has been a new zero-day Microsoft Support Diagnostic Tool (MSDT) URL vulnerability (known as “Follina”).

According to Microsoft Security Response Centre blog:

“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.

An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

Essentially, this vulnerability allows for remote code execution and the hacker can exploit this to take control of your computer.

For crypto and Web 3 users, there has already been a documented attack using this exploit on a user who was tricked (through social engineering) into downloading and enabling a malicious Word Doc file. As the user was using Metamask hot wallet to store his NFTs, the hackers were able exploit the MSDT vulnerability to steal the NFTs. This is a serious threat, therefore please take action to secure yourself against this attack vector!

First, do not store your crypto assets in a hot wallet. Always use a cold wallet such as Ledger or Trezor!

Second, disable the MSDT URL protocol. Follow the steps to disable:

1. Run Command Prompt as Administrator.

2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename“

3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

There is a Youtube instructional video that shows you how to do it:

Thus far, there have been no official Microsoft patch to address the vulnerability. But by executing the steps as described above, you should be safe.

The Web can be an unforgiving place with bad actors abound. To lower your risk of being attacked, protect yourself with the latest anti-virus software, regularly update your computer with security patches as they become available and keep abreast of the latest security threats and vulnerabilities in the news.

If you found value out of this article, please CLAP heartily, SHARE abundantly and FOLLOW me on Medium & Twitter.

For further reading:

1. https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
2. https://mobile.twitter.com/wallet_guard/status/1531848479911432192?s=21&t=d8rfxxazMV75ClRz8xqKcw
3. https://mobile.twitter.com/wallet_guard/status/1509196531202932736