    • 2 min read
    • Jun 2, 2022 2:26:10 PM

    Taking Follina From Headache to Handled

    Earlier this week, a new zero day arrived. It is called Follina (MS Office CVE-2022-30190) and impacts any organization using Microsoft Office. Once again, GYTPOL is the only solution in the market to provide full remediation to this unresolved zero day.

    Thinking a few steps ahead

    Microsoft recommends removing a registry key. After researching the Microsoft recommendation, GYTPOL discovered that this is not sufficient and an attacker can still access computers in the network!

    Therefore, we’ve added a couple of other registry settings, and these are the changes we’ve made in our remediation:

    1. Remove: “HKEY_CLASSES_ROOT\ms-msdt” key (MS recommendation against outsider threat)
    2. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\EnableDiagnostics” (diagnostic tool vs. insider threat)
    3. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}\DownloadToolsEnabled” (troubleshooting tool vs. insider threat)
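
A read-only audit of the three settings listed above, as an added example that is not GYTPOL's or Microsoft's code. It assumes "Disable" means the policy value is a DWORD set to 0; the function names are hypothetical.

```powershell
# Added example: reports the state of the three Follina-related settings.
# Assumption: "Disable" means the policy value exists as a DWORD equal to 0.

function Get-PolicyDword {
    param([string]$KeyPath, [string]$ValueName)
    # Returns the value data, or $null when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$ValueName } else { $null }
}

function Test-FollinaHardening {
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'
    $checks = @(
        @{ Name = 'EnableDiagnostics';    Key = "$policyRoot\ScriptedDiagnostics" },
        @{ Name = 'DownloadToolsEnabled'; Key = "$policyRoot\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}" }
    )

    # 1. The ms-msdt protocol handler key should no longer be registered.
    $handlerPresent = Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
    [pscustomobject]@{
        Setting  = 'HKEY_CLASSES_ROOT\ms-msdt'
        Observed = if ($handlerPresent) { 'present' } else { 'absent' }
        Hardened = -not $handlerPresent
    }

    # 2 and 3. An absent value means the policy is not configured,
    # so it is reported as not hardened rather than assumed safe.
    foreach ($c in $checks) {
        $data = Get-PolicyDword -KeyPath $c.Key -ValueName $c.Name
        [pscustomobject]@{
            Setting  = "$($c.Key)\$($c.Name)"
            Observed = if ($null -eq $data) { 'not set' } else { $data }
            Hardened = ($null -ne $data -and $data -eq 0)
        }
    }
}

# One row per setting; any row with Hardened = False still needs remediation.
Test-FollinaHardening | Format-Table -AutoSize -Wrap
```

The script only reads the registry, so it can be run before and after remediation to confirm that all three rows report `Hardened = True`.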

    GYTPOL streamlines and error-proofs the process, supporting both detection and push-button remediation of the Follina vulnerability.

    A wakeup call

    Follina offers a good example of why a solution like GYTPOL is so needed. But it's only that: an example. The truth is there's a virtually unlimited number of similar vulnerabilities and exposure points putting you at risk.

    The quickest, easiest, most scalable, and reliable way to protect your organization against such threats is with a configuration security assurance solution. And there's only one of those. GYTPOL provides push-button remediation that enables users to rapidly reduce the attack surface and save time.

    Follina is just another example of how GYTPOL keeps protecting your endpoints and your business continuity. Hopefully it will also serve as a wakeup call for the industry.

    About Author

    Tal Kollender

    With a background in hacking, Tal's filled senior cyber roles for the IDF and Dell EMC. In 2023, Tal was named "Cybersecurity Women Entrepreneur of the Year" by the Unite Cybersecurity Alliance.
