Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Actively Exploited Zero-Day Attack Delivered via Malicious Word Documents

June 1, 2022

Using technology has its advantages, but also requires some diligence to keep you safe. As ZDNet reports, attackers are using a protocol for troubleshooting Windows bugs to perform remote code execution through the Microsoft Support Diagnostic Tool. Using a tool designed to help users to deliver a malicious payload. Great. Security researcher Kevin Beaumont discovered that malicious code can be executed in a Word document that has been converted to Rich Text Format (RTF). You can protect yourself by applying this workaround to disable the entire MSDT URL protocol on the computer.

  1. Run Command Prompt as Administrator.
  2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename
  3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology