This product pack will mitigate the Follina vulnerability in milliseconds with 1E Tachyon.
Zero-day exploits that run without elevated privileges, that have no patch available quickly, and that allow a bad actor to install software and make other arbitrary changes to devices are about as bad as they come.
“Follina,” as reported in TechCrunch and elsewhere, ticks all the wrong boxes and impacts 41 Microsoft products, including Windows 11 and Office 365. Huntress research even identified a way to have this execute without the user having to CLICK anything (hovering over the icon can trigger the exploit!).
The good news is that, although there is no official patch, Microsoft have issued an advisory which includes information on a registry key you can delete to mitigate the risk.
The better news is that, if you are a 1E Tachyon customer, you can implement that advice with ease, on any/all of your devices, immediately.
That’s it. Problem solved. Risk averted.
The instruction follows the exact Microsoft advice, running a command to back up the reg keys first – so they can be imported later. Another option allows you to restore the same keys if desired.
This was written in minutes with TIMS (Tachyon Instruction Management Studio), using the Tachyon Method NativeServices.RunCommand() and the in-built Registry functions.
This Follina attack is one example of the many “living off the land” exploits, which use PowerShell or other “on-box” tools to perform nefarious tasks for the attacker.
Even without this specific instruction, you could use the existing instructions to delete a named Registry Key if immediate response is required.
With 1E Tachyon you can apply the fix to all endpoints in milliseconds and then move on with your day.
Back up and delete or restore HKCR\ms-msdt: used to mitigate the Follina vulnerability, and potentially others. Back up and delete the registry key to disable the MSDT URL Protocol.
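
The backup, delete and restore steps described above can also be run on a single machine with `reg.exe`. The following is an added PowerShell example, not 1E's Tachyon instruction or Microsoft's own script; the function name `Set-MsdtProtocolMitigation` and the default backup path are assumptions made for illustration.

```powershell
# Added example (not 1E's instruction). Run from an elevated session.
function Set-MsdtProtocolMitigation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Mitigate', 'Restore', 'Status')]
        [string]$Action,
        # Assumed backup location; pick a path only administrators can write to.
        [string]$BackupPath = "$env:ProgramData\msdt-backup\ms-msdt.reg"
    )

    $key = 'HKEY_CLASSES_ROOT\ms-msdt'
    $present = Test-Path -LiteralPath "Registry::$key"

    switch ($Action) {
        'Status' { return $present }   # $true means the handler is still registered

        'Mitigate' {
            if (-not $present) {
                Write-Verbose "$key is already absent; nothing to do."
                return $false
            }
            # Export first, and refuse to delete unless the backup really exists.
            $dir = Split-Path -Parent $BackupPath
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
            & reg.exe export $key $BackupPath /y | Out-Null
            if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath)) {
                throw "Export of $key failed; the key was left in place."
            }
            & reg.exe delete $key /f | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Delete of $key failed (exit $LASTEXITCODE)." }
            return $true
        }

        'Restore' {
            if (-not (Test-Path -LiteralPath $BackupPath)) {
                throw "No backup found at $BackupPath."
            }
            # Only the exit code is checked; reg.exe's console text is discarded.
            & reg.exe import $BackupPath 2>&1 | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Import failed (exit $LASTEXITCODE)." }
            return $true
        }
    }
}

# Example call: Set-MsdtProtocolMitigation -Action Mitigate -Verbose
```

Running it with `-Action Status` afterwards confirms whether the `ms-msdt` handler is still registered, which is the check to repeat once a restore is no longer wanted.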