Follina is a recently discovered vulnerability in Windows. Besides Follina, several other names are used to refer to this vulnerability. Colloquially, it is known as the MSDT exploit. Microsoft itself calls it CVE-2022-30190, while antivirus products will sometimes call it Mesdetty. It affects Windows 7, 8, 10, and 11.
The vulnerability is located within the Microsoft Support Diagnostic Tool (MSDT), an application bundled with Windows to collect data for Microsoft Support. A specially crafted document (specifically, one with a .docx or .rtf extension), or a shortcut, can make MSDT run arbitrary code. What this means is that if you receive a malicious file like this via, say, email, and then open it – the hacker will have full control of your computer. They could use this control to steal sensitive data such as passwords, to install malicious software, or to do anything else the hacker could imagine.
If you think this is bad – it gets worse. Malicious .docx files still need to be opened for the hacker to gain control. Malicious .rtf files do not. All the victim has to do is select the file – to click on it once, in other words – and that’s it, they’re hacked.
Sounds very dangerous, doesn’t it? The worst part is, because it is so new (it was discovered just a few days ago), antiviruses might not be able to detect the malicious files. Luckily, it is very easy to fix the Follina vulnerability yourself, which will render you completely immune to this attack. The rest of this article explains the steps you need to follow.
How to fix Follina vulnerability
You can easily fix Follina by using Command Prompt. Although this tool generally requires advanced computer knowledge to use, we will guide you through the steps you need to take.
First, let’s open the Command Prompt. To do this, press Win+R and type in “cmd” without the quotes (see image). Now press Ctrl+Shift+Enter to run Command Prompt as an administrator. If you’ve done this correctly, you will see a prompt from User Account Control. Click Yes.
A new window will appear, with a few lines of white text on black background. This is the Command Prompt.
Copy this line of text:
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
Now, paste it into the Command Prompt. This can be done by right-clicking the window. Do not use Ctrl+V, however.
Press Enter to execute the command.
The Command Prompt will now tell you “The operation completed successfully”, as in the image above. This means you managed to fix Follina. You’re now safe, congratulations!
If you see an error instead, then you did not follow the instructions precisely – you did not run the Command Prompt as an administrator. Go through the process again, paying close attention to the instructions.
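The same fix as a batch script that checks for administrator rights, saves a backup of the key before deleting it, and confirms the key is gone afterwards. This is an added example, not part of the original article; the backup path is an assumption, and the backup can be restored later with reg import.

```batch
@echo off
rem Added example: back up, remove and verify the ms-msdt protocol handler.
rem BACKUP is an assumed location; change it to suit.
setlocal
set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
set "BACKUP=%USERPROFILE%\ms-msdt-backup.reg"

rem "net session" is denied in a non-elevated prompt
rem (assumes the Server service is running).
net session >nul 2>&1
if errorlevel 1 (
    echo Not elevated. Re-run from a Command Prompt started as administrator.
    exit /b 1
)

rem Nothing to do if the key is already gone.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present; the fix is already applied.
    exit /b 0
)

rem Save the key first so it can be restored with: reg import "%BACKUP%"
reg export "%KEY%" "%BACKUP%" /y >nul
if errorlevel 1 (
    echo Backup failed; the key was left untouched.
    exit /b 1
)

reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo Delete failed; the key is still present.
    exit /b 1
)

rem Confirm the result instead of trusting the exit code alone.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %KEY% is still present after the delete.
    exit /b 1
)
echo Done. %KEY% removed; backup saved to "%BACKUP%"
exit /b 0
```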
How to tell if you’ve been hacked using Follina
If you saw a window named “Program Compatibility Troubleshooter” or “Microsoft Support Diagnostic Tool” appear right after you opened a text document, then the file you opened was a malicious Follina document and your computer is now infected. In the case of .rtf files, this can happen even without you opening the file – selecting it with a single click is enough.
If you recall this happening, you should consider your computer and all data on it compromised. React accordingly – it’s time to change all your passwords, enable 2FA, freeze credit cards you’ve been using for online payments, and so on. These steps remain the same regardless of how your computer was hacked, so you can follow any guide focusing on that if you want more detailed instructions. To get rid of malware the hackers might’ve installed, perform an antivirus scan, or even reinstall Windows completely.