Dark Mode

    Free Trial
    Image of Tal Kollender
    • 2 min read
    • Jun 2, 2022 2:26:10 PM

    Taking Follina From Headache to Handled

    Follina-vuberability

    Earlier this week, a new zero day arrived, it is called Follina (MS Office CVE-2022-30190) and impacts any organization using Microsoft Office. Once again, GYTPOL is the only solution in the market to provide full remediation to this unresolved zero day.

    Thinking a few steps ahead

    Microsoft recommends removing a registry key. After researching the Microsoft recommendation – GYTPOL discovered that this is not sufficient and an attacker can still access computers in the network!

    Therefore, we’ve added a couple of other registry settings, and these are the changes we’ve made in our remediation:

    1. Remove: “HKEY_CLASSES_ROOT\ms-msdt” key (MS recommendation against outsider threat)
    2. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\EnableDiagnostics” (diagnostic tool vs. insider threat)
    3. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}\DownloadToolsEnabled” (troubleshooting tool vs. insider threat)

    GYTPOL streamlines and error-proofs the process, supporting both detection and push-button remediation of the Follina vulnerability.

    A wakeup call

    Follina offers a good example for why a solution like GYTPOL is so needed. But it's only that: an example. The truth is there's a virtually unlimited number of similar vulnerabilities and exposure points putting you at risk.

    The quickest, easiest, most scalable, and reliable way to protect your organization against such threats is with a configuration security assurance solution. And there's only one of those. GYTPOL provides push-button remediation that enables users to rapidly reduce the attack surface and save time.

    Follina is just another example of how GYTPOL keep protects your endpoints and your business continuity. Hopefully it will also serve as a wakeup call for the industry.

    About Author

    Image of Tal Kollender

    Tal Kollender

    With a background in hacking, Tal's filled senior cyber roles for the IDF and Dell EMC. In 2023, Tal was named "Cybersecurity Women Entrepreneur of the Year" by the Unite Cybersecurity Alliance.

    Comments