Microsoft Issued a Mitigation Plan For Blocking Attacks on Office 0-Day Bug

Just a couple of months ago, a security researcher spotted a zero-day bug in the Microsoft Office suite that’d let an attacker execute malicious code remotely.

Since this bug is being actively exploited daily, Microsoft issued a mitigation plan so that vulnerable users can protect themselves until an official patch is made available. The mitigation is to disable the MSDT URL protocol, which is the channel through which the attacks are happening.

An RCE Bug in Microsoft Office Suite

Microsoft’s Office suite was found to contain a zero-day bug that can let attackers execute malicious PowerShell code remotely. This RCE bug was first reported by a security researcher going by the Twitter handle nao_sec.

Microsoft initially dismissed his report as not being a security risk and closed it. But after seeing a spike in exploitation of this zero-day bug, Microsoft has now come forward with a mitigation plan to protect users against further exploitation.

The zero-day bug lies in the Microsoft Windows Support Diagnostic Tool (MSDT) URL protocol. It is now tracked as CVE-2022-30190 and lets an attacker execute malicious PowerShell commands when a user opens or previews a crafted Word document.

Microsoft said in its advisory that “The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

Thus, to mitigate this, Microsoft advised users to disable the MSDT URL protocol with the following commands:

  1. Run Command Prompt as Administrator.
  2. To back up the registry key, execute the command `reg export HKEY_CLASSES_ROOT\ms-msdt filename`
  3. Execute the command `reg delete HKEY_CLASSES_ROOT\ms-msdt /f`

After Microsoft releases a working patch, you can undo this mitigation by opening an elevated command prompt and executing `reg import filename` (where filename is the name of the registry backup created when disabling the protocol).
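The following PowerShell script is an added example, not code from the article or from Microsoft's advisory. It wraps the three mitigation steps above and the restore step in one script with a verification check after each action, so an administrator can confirm the ms-msdt key is actually gone (or actually back) rather than trusting that reg.exe succeeded silently. The backup file location and the `-Mode` parameter names are assumptions of this example.

```powershell
# Added example (not the article's or Microsoft's code): apply, revert, or
# check the CVE-2022-30190 mitigation that removes the ms-msdt URL protocol.
# Run from an elevated PowerShell session for Apply and Restore.
[CmdletBinding()]
param(
    [ValidateSet('Apply', 'Restore', 'Check')]
    [string]$Mode = 'Check',
    # Assumed backup location; any writable path works.
    [string]$BackupFile = "$env:SystemDrive\ms-msdt-backup.reg"
)

$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

# True when the current session runs with administrator rights.
function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# True when the ms-msdt protocol handler key still exists,
# i.e. the mitigation has NOT been applied on this host.
function Test-MsdtProtocolRegistered {
    return (Test-Path -LiteralPath $KeyPath)
}

switch ($Mode) {
    'Check' {
        if (Test-MsdtProtocolRegistered) {
            Write-Output 'ms-msdt URL protocol is registered: mitigation NOT applied.'
        } else {
            Write-Output 'ms-msdt URL protocol key is absent: mitigation applied.'
        }
    }
    'Apply' {
        if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
        if (-not (Test-MsdtProtocolRegistered)) {
            Write-Output 'Key already absent; nothing to do.'
            break
        }
        # Step 2 of the advisory: back up the key before deleting it.
        reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile)) {
            throw 'Backup failed; the key has been left in place.'
        }
        # Step 3 of the advisory: remove the protocol handler.
        reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
        if (Test-MsdtProtocolRegistered) { throw 'Delete failed; key still present.' }
        Write-Output "Mitigation applied; backup saved to $BackupFile"
    }
    'Restore' {
        if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
        if (-not (Test-Path -LiteralPath $BackupFile)) { throw "Backup file $BackupFile not found." }
        # Undo step from the advisory: re-import the saved key.
        reg.exe import $BackupFile | Out-Null
        if (-not (Test-MsdtProtocolRegistered)) { throw 'Import did not restore the key.' }
        Write-Output 'ms-msdt URL protocol restored.'
    }
}
```

Run it as `.\msdt-mitigation.ps1 -Mode Check` on any host to see whether the key is present, and `-Mode Apply` or `-Mode Restore` from an elevated session. The `Check` branch is also the piece worth pushing out through your endpoint management tooling to confirm the workaround actually landed fleet-wide.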

Microsoft also noted that its Microsoft Defender Antivirus, version 1.367.719.0 or newer, can detect exploitation attempts against this zero-day bug and will alert affected users so they can apply the mitigation.
