Microsoft has released a work-around guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as "Follina" - affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows.

This vulnerability, labelled “Follina”, can be exploited by an attacker sending a URL to a vulnerable machine. Successful exploitation on this vulnerability allows an attacker to install programs, view or change data, or create new accounts in line with the victim’s user permissions.

Disabling Microsoft Office Macros does not prevent exploitation of this vulnerability.

A patch is not currently available. It is advised that all organizations and companies in Vanuatu who use Microsoft Office products should review their system configurations, and follow Microsoft’s guidance on implementing a workaround until a patch is available.

CERTVU also recommends:

• Corporate networks using Microsoft Defender for Endpoint Security should follow Microsoft’s advice on how to block all Office applications from creating child processes.
• Corporate networks using Group Policy should follow Microsoft’s advice on disabling Troubleshooting Wizards via the Enable Diagnostics registry value until a patch is available.

Microsoft Office users should continue to monitor Microsoft’s website for updates and future vulnerabilities.