How to Fix the Microsoft "Follina" MSDT Windows Zero-Day Vulnerability

Microsoft has acknowledged a critical zero-day vulnerability in Windows that affects all major versions, including Windows 11, Windows 10, Windows 8.1 and even Windows 7. The vulnerability, tracked as CVE-2022-30190 and nicknamed Follina, allows attackers to remotely execute malware on Windows without triggering Windows Defender or other security software. Fortunately, Microsoft has shared an official workaround to mitigate the risk. In this article, we have detailed the steps to protect your Windows 11/10 PCs from the latest zero-day vulnerability.

Windows Zero Day: MSDT Follina Exploit Demonstration

Before we get to the steps to fix the vulnerability, let's understand what the exploit is all about. Known by the tracking code CVE-2022-30190, the zero-day exploit is linked to the Microsoft Support Diagnostic Tool (MSDT). It allows attackers to run PowerShell commands remotely via MSDT when a user opens a malicious Office document.

"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling program such as Word. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the calling program. The attacker could then install programs, view, modify, or delete data or create new accounts in the context that the user's rights allow," explains Microsoft.

As researcher Kevin Beaumont explains, the attack uses Word's remote template feature to retrieve an HTML file from a remote web server. That HTML then uses the ms-msdt MSProtocol URI scheme to launch MSDT and run PowerShell commands. As a side note, the exploit was named "Follina" because the example file references 0438, the area code for Follina, Italy.
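Because the attack chain hinges on Office handing an ms-msdt: URI to the protocol handler, Microsoft's official workaround is to unregister that handler by deleting the ms-msdt key under HKEY_CLASSES_ROOT (after exporting a backup so it can be restored once the security update is installed). The following PowerShell script is an added example, not code from the original article or from Microsoft; it audits whether the handler is still registered, and only with -Apply backs the key up and removes it. The backup file path is an assumed default that you can change.

```powershell
# Added example (not from the original article): audit and apply Microsoft's
# documented workaround for CVE-2022-30190 ("Follina"), which removes the
# ms-msdt URL protocol handler so Office cannot hand ms-msdt: URIs to MSDT.
# Run from an elevated PowerShell prompt. Without -Apply it only reports.
param(
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg",  # assumed default, pick your own
    [switch]$Apply
)

# Registry key that registers the ms-msdt: protocol handler (Microsoft's workaround target).
$keyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtHandlerPresent {
    return Test-Path -LiteralPath $keyPath
}

if (-not (Test-MsdtHandlerPresent)) {
    Write-Output "ms-msdt protocol handler is not registered; the workaround is already in place."
    return
}

# Show what the handler currently launches so the auditor can see it is the real MSDT entry.
$cmd = Get-ItemProperty -LiteralPath "$keyPath\shell\open\command" -ErrorAction SilentlyContinue
Write-Output "ms-msdt handler is registered. Handler command: $($cmd.'(default)')"

if (-not $Apply) {
    Write-Output "Dry run only. Re-run with -Apply to back up and remove the handler."
    return
}

# 1. Back up the key first; Microsoft's guidance is to restore it after patching.
& reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of HKCR\ms-msdt failed; the key was NOT removed." }
Write-Output "Backup written to $BackupPath"

# 2. Remove the handler registration (the documented workaround).
& reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Removing HKCR\ms-msdt failed." }

# 3. Verify the handler is gone.
if (Test-MsdtHandlerPresent) { throw "HKCR\ms-msdt is still present after deletion." }
Write-Output "ms-msdt handler removed. Restore later with: reg import `"$BackupPath`""
```

Run the script once without -Apply to confirm the handler is present and see what it points at, then with -Apply to remove it. Keep the exported .reg file: once the Windows security update that fixes the vulnerability is installed, Microsoft's guidance is to restore the key with `reg import` so the Troubleshooters that rely on ms-msdt: links work again.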
