Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Actively Exploited Zero-Day Attack Delivered via Malicious Word Documents
June 1, 2022
Using technology has its advantages, but it also requires some diligence to keep you safe. As ZDNet reports, attackers are using a protocol for troubleshooting Windows bugs to perform remote code execution through the Microsoft Support Diagnostic Tool (MSDT). A tool designed to help users is being used to deliver a malicious payload. Great. Security researcher Kevin Beaumont discovered that malicious code can be executed in a Word document that has been converted to Rich Text Format (RTF). You can protect yourself by applying the following workaround, which disables the entire MSDT URL protocol on the computer:
- Run Command Prompt as Administrator.
- To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
- Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
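
The same steps as a script, for applying the workaround consistently across several machines. This is an added example, not part of the original post: it refuses to delete the key unless the backup file was actually written, and it confirms the key is gone afterwards. The backup folder `C:\RegBackups` and the file naming are assumptions; run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the ms-msdt workaround steps above.
$ErrorActionPreference = 'Stop'

$Key       = 'HKEY_CLASSES_ROOT\ms-msdt'   # key named in the workaround
$BackupDir = 'C:\RegBackups'               # assumed backup location
$Backup    = Join-Path $BackupDir ("ms-msdt_{0}_{1:yyyyMMdd-HHmmss}.reg" -f `
                 $env:COMPUTERNAME, (Get-Date))

# Nothing to do if the handler is already gone (workaround applied earlier).
if (-not (Test-Path "Registry::$Key")) {
    Write-Output "$Key not present; MSDT URL protocol already disabled."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Back up the key first. /y overwrites an existing file without prompting.
& reg.exe export $Key $Backup /y | Out-Null
$backupOk = ($LASTEXITCODE -eq 0) -and (Test-Path $Backup) -and
            ((Get-Item $Backup).Length -gt 0)
if (-not $backupOk) {
    throw "Backup of $Key failed; the key was NOT deleted."
}

# Delete the key only after the backup is confirmed on disk.
& reg.exe delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg delete failed with exit code $LASTEXITCODE."
}

# Verify the protocol handler is really gone.
if (Test-Path "Registry::$Key") {
    throw "$Key is still present after delete."
}

Write-Output "MSDT URL protocol disabled. Backup saved to $Backup"
Write-Output "To undo the workaround later: reg import `"$Backup`""
```

Keep the exported `.reg` file; importing it with `reg import` restores the key and undoes the workaround.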