Follina Zero Day Workaround - Export-Delete ms-Msdt Key
Exports and deletes the ms-msdt key to mitigate the Follina zero day.
Worklet Details
The Follina Zero Day Workaround - Export-Delete ms-msdt Key Worklet is a PowerShell script designed for Microsoft Windows operating systems. It provides a temporary solution to mitigate the potential security risks associated with a critical vulnerability in the Microsoft Support Diagnostic Tool (MSDT).
This remote code execution vulnerability, commonly referred to as "Follina," allows threat actors to execute arbitrary code on a target system by exploiting the MSDT URL protocol in Microsoft Office documents. The Worklet evaluates the state of the ms-msdt key in HKEY_CLASSES_ROOT and exports it before deleting it from the registry to prevent exploitation.
Why would you use the Follina Zero Day Workaround - Export-Delete ms-msdt Key Worklet?
This Worklet is essential for administrators who need an immediate solution to protect their systems from potential security breaches related to the Follina exploit. By using this script, they can ensure that their systems are safeguarded until an official patch is released by Microsoft.
Disabling the MSDT URL protocol prevents malicious documents from taking advantage of this attack vector, thus reducing an organization's overall security risk.
Components of the Follina Zero Day Workaround - Export-Delete ms-msdt Key Worklet
The primary components of this Worklet include PowerShell commands and snippets that perform specific actions such as mounting HKEY_CLASSES_ROOT as a drive, testing for the presence of the ms-msdt key, exporting it to a specified directory, and deleting it from the registry.
This Worklet also includes various error handling steps and validation checks to ensure proper functionality.
How does the Follina Zero Day Workaround - Export-Delete ms-msdt Key Worklet work?
Upon execution, this PowerShell script will first check if HKEY_CLASSES_ROOT is mounted as a drive on your system. If not, it mounts the registry key as a drive. Next, it tests for the existence of the ms-msdt key in the HKEY_CLASSES_ROOT registry. If found, it exports the key to a specified directory, then deletes it from your system's registry.
This disables the MSDT URL protocol and prevents threats posed by malicious documents from exploiting this vulnerability.
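The sequence described above (mount, test, export, delete), written out as an added example; it is not the Worklet's own source. The backup directory `$BackupDir`, the file naming and the function name `Disable-MsdtProtocol` are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not the Worklet's source code.
$ErrorActionPreference = 'Stop'

$BackupDir = Join-Path $env:ProgramData 'ms-msdt-backup'  # assumed backup location
$KeyPath   = 'HKCR:\ms-msdt'                # provider path for Test-Path / Remove-Item
$RegPath   = 'HKEY_CLASSES_ROOT\ms-msdt'    # native path for reg.exe

function Disable-MsdtProtocol {
    # 1. HKEY_CLASSES_ROOT is not mounted as a PSDrive by default; mount it if missing.
    if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
    }

    # 2. If the key is absent the protocol handler is already disabled.
    if (-not (Test-Path -Path $KeyPath)) {
        return 'ms-msdt key not present; nothing to do.'
    }

    # 3. Export the key first so the handler can be restored later.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir ('ms-msdt-{0}-{1}.reg' -f $env:COMPUTERNAME, $stamp)
    & reg.exe export $RegPath $backup /y | Out-Null

    # Never delete unless the export demonstrably succeeded.
    $exported = (Test-Path -Path $backup) -and ((Get-Item -Path $backup).Length -gt 0)
    if ($LASTEXITCODE -ne 0 -or -not $exported) {
        throw "Export of $RegPath failed; key left in place."
    }

    # 4. Delete the key and all subkeys (shell\open\command lives underneath).
    Remove-Item -Path $KeyPath -Recurse -Force

    # 5. Validate the end state instead of trusting the delete call.
    if (Test-Path -Path $KeyPath) {
        throw "$RegPath still present after delete."
    }
    return "ms-msdt key removed; backup written to $backup"
}

try {
    Disable-MsdtProtocol
    exit 0
} catch {
    Write-Output "FAILED: $($_.Exception.Message)"
    exit 1
}
```

Once the official update is installed, the exported file can be restored with `reg import` followed by the path to the `.reg` file.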
What is the expected outcome when you use the Follina Zero Day Workaround - Export-Delete ms-msdt Key Worklet?
When successfully executed, this Worklet will disable the MSDT URL protocol on your system by exporting and deleting its relevant registry key. It offers an effective temporary solution to mitigate security risks associated with Follina until Microsoft releases an official patch or update to address this critical vulnerability.
Users should note that this Worklet is a workaround and not a permanent fix. Applying available security patches and updates once they are released is strongly recommended for comprehensive protection against potential exploits targeting this vulnerability.
Consider Worklets your easy button
What's a Worklet?
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.