Microsoft · Windows Server 2016 · CVE-2022-30190
**Name of the Vulnerable Software and Affected Versions**
Microsoft Office (the calling application; any version that can render a remote OLE reference, prior to the June 14, 2022 security updates)
Microsoft Windows Support Diagnostic Tool (MSDT) (affected versions not specified; the flaw is in the `ms-msdt:` URL protocol handler rather than in Office itself)
Microsoft Windows Server 2012, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Server 2016, Microsoft Windows Server 2008
**Description**
A remote code execution vulnerability, publicly known as "Follina", exists when MSDT is invoked through the `ms-msdt:` URL protocol from a calling application such as Word. A document that carries an external OLE reference can load attacker-controlled HTML which in turn opens an `ms-msdt:` URL; because MSDT did not sanitize the troubleshooter parameters it was handed, the attacker's commands are executed with the privileges of the calling application. An attacker who successfully exploits this can install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights. Macros are not required, so macro-blocking policies do not prevent it, and with an RTF document the payload can run from the Windows Explorer preview pane without the file being opened; Protected View blocks the initial load for `.docx` files only if the user does not click "Enable Editing". The estimated number of potentially affected devices worldwide is not available. Real-world incidents where this issue was exploited have been reported, with the first signs of exploitation dating back to April 12, 2022, when a malicious document was first uploaded to VirusTotal; Microsoft published CVE-2022-30190 and workaround guidance on May 30, 2022.
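The exploitation chain above is visible on the endpoint as `msdt.exe` being started by an Office process, which never happens in normal use. The following PowerShell is an added example of that detection logic, not code from the original advisory or from Microsoft: it runs over a constructed set of process-creation records in the shape of Sysmon Event ID 1 fields (`Image`, `ParentImage`, `CommandLine`) and flags the suspicious one. The sample events, the Office process list and the function name `Find-SuspiciousMsdtLaunch` are all assumptions made for the example.

```powershell
# Added example (not part of the advisory): hunt for msdt.exe spawned by an Office
# application, the process tree produced by a Follina-style document.
# Office executables that act as the "calling application" (assumed list).
$OfficeParents = @('WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE', 'MSACCESS.EXE')

# CONSTRUCTED sample records. In production you would build these from
# Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath '*[System[EventID=1]]'
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated = '2022-06-01T09:12:03'
                       Image       = 'C:\Windows\System32\msdt.exe'
                       ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
                       CommandLine = '"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "..."' },
    [pscustomobject]@{ TimeCreated = '2022-06-01T09:15:40'
                       Image       = 'C:\Windows\System32\msdt.exe'
                       ParentImage = 'C:\Windows\explorer.exe'          # user opened a troubleshooter; benign
                       CommandLine = '"C:\Windows\System32\msdt.exe" -id NetworkDiagnosticsWeb' },
    [pscustomobject]@{ TimeCreated = '2022-06-01T09:20:11'
                       Image       = 'C:\Windows\splwow64.exe'          # printing from Word; benign
                       ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
                       CommandLine = 'C:\Windows\splwow64.exe 12288' }
)

function Find-SuspiciousMsdtLaunch {
    param([Parameter(Mandatory)][object[]]$Events)

    foreach ($e in $Events) {
        $child  = [IO.Path]::GetFileName($e.Image)
        $parent = [IO.Path]::GetFileName($e.ParentImage)
        # Rule 1: msdt.exe whose parent is an Office application.
        $officeParent = ($child -ieq 'msdt.exe') -and ($OfficeParents -icontains $parent)
        # Rule 2: the ms-msdt: protocol appearing on any command line is worth a look,
        # regardless of parent, because the handler should not be reachable from documents.
        $protocolInCmd = $e.CommandLine -imatch 'ms-msdt:'
        if ($officeParent -or $protocolInCmd) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Parent      = $parent
                Child       = $child
                Reason      = if ($officeParent) { 'Office spawned msdt.exe' } else { 'ms-msdt: on command line' }
                CommandLine = $e.CommandLine
            }
        }
    }
}

# Usage: only the first sample record is reported.
Find-SuspiciousMsdtLaunch -Events $SampleEvents | Format-Table -AutoSize
```

The second rule is deliberately broader than the first: after the `ms-msdt:` handler has been removed (see the recommendations), any command line still referencing that scheme is a document or script trying to reach a handler that should no longer exist, and it is worth an alert even when the parent is not an Office process.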
**Recommendations**
For Microsoft Office versions prior to the fixed version: Keep Microsoft Office fully updated. Note that the fix for the Follina vulnerability is delivered through the Windows security updates of June 14, 2022, not through an Office update, so an up-to-date Office on an unpatched Windows host remains exploitable.
For Microsoft Windows Support Diagnostic Tool (MSDT): Disable the `ms-msdt:` URL protocol handler by removing the `HKEY_CLASSES_ROOT\ms-msdt` registry key (back it up first so it can be restored) to prevent exploitation on hosts that cannot yet be patched.
For Microsoft Windows Server 2012, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Server 2016, Microsoft Windows Server 2008: Apply the official Microsoft security update for CVE-2022-30190, released on June 14, 2022.
Until a host is patched, apply the registry workaround above; Microsoft's guidance is that the patch does not require the workaround to be undone, but the key can be restored by re-importing the backup. Restricting who can launch `msdt.exe` (for example with application control or an attack surface reduction rule that blocks Office applications from creating child processes) reduces the blast radius but does not remove the underlying flaw, so it is a complement to patching, not a substitute. No application should rely on invoking the `ms-msdt:` protocol handler from untrusted content such as documents or web pages.
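Microsoft's published workaround is to back up and then delete the `HKEY_CLASSES_ROOT\ms-msdt` key from an elevated prompt (`reg export HKEY_CLASSES_ROOT\ms-msdt <file>` followed by `reg delete HKEY_CLASSES_ROOT\ms-msdt /f`, reversible with `reg import <file>`). The PowerShell below is an added example that wraps those steps, not a script from the advisory or from Microsoft: it checks for elevation, exports the key before removing it, verifies the result, and offers a restore path. The function names and the default backup location are assumptions for the example.

```powershell
# Added example (not Microsoft's code): apply and undo the CVE-2022-30190 registry workaround.
# Run from an elevated PowerShell session; the key lives under HKEY_CLASSES_ROOT.
$MsMsdtKey       = 'HKEY_CLASSES_ROOT\ms-msdt'
$DefaultBackup   = Join-Path $env:ProgramData 'ms-msdt-backup.reg'   # assumed location

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-MsMsdtHandler {
    # $true when the ms-msdt: URL protocol handler is still registered (host is exposed).
    Test-Path -LiteralPath "Registry::$MsMsdtKey"
}

function Disable-MsMsdtHandler {
    param([string]$BackupPath = $DefaultBackup)
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
    if (-not (Test-MsMsdtHandler)) {
        Write-Host "ms-msdt: handler already absent; nothing to do."
        return
    }
    # Step 1: export the key exactly as Microsoft's guidance does (/y overwrites an old backup).
    & reg.exe export $MsMsdtKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupPath)) {
        throw "Backup to $BackupPath failed; refusing to delete the key without a backup."
    }
    # Step 2: delete the handler so ms-msdt: URLs no longer launch msdt.exe.
    & reg.exe delete $MsMsdtKey /f | Out-Null
    if (Test-MsMsdtHandler) { throw 'Key still present after reg delete; check permissions.' }
    Write-Host "ms-msdt: handler removed. Backup saved to $BackupPath"
}

function Restore-MsMsdtHandler {
    param([string]$BackupPath = $DefaultBackup)
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
    if (-not (Test-Path $BackupPath)) { throw "No backup found at $BackupPath" }
    & reg.exe import $BackupPath | Out-Null
    if (-not (Test-MsMsdtHandler)) { throw 'Import ran but the key is still missing.' }
    Write-Host "ms-msdt: handler restored from $BackupPath"
}

# Usage:
#   Test-MsMsdtHandler        # report whether the host is still exposed
#   Disable-MsMsdtHandler     # apply the workaround (keeps a .reg backup)
#   Restore-MsMsdtHandler     # undo it after patching, if desired
```

Run `Test-MsMsdtHandler` across a fleet (for example through a remoting session) to find hosts that are neither patched nor mitigated; the workaround only needs to be applied to hosts on which it returns `$true`. Deleting the key breaks the troubleshooter links in Settings that rely on the `ms-msdt:` scheme, which is the expected and documented cost of the workaround.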