    • Jun 2, 2022 2:26:10 PM

    Follina detection and remediation by GYTPOL

    See how Gytpol detects and remediates Follina with zero impact


    Once again, Gytpol is the only solution in the market to provide a full remediation to this unresolved zero day.

    Earlier this week a new zero-day emerged. It is called Follina (MS Office CVE-2022-30190) and impacts any organization using Microsoft Office.

    Microsoft recommended removing a registry key.

    After researching the Microsoft recommendation, Gytpol discovered that this is not sufficient and an attacker can still access computers in the network!

    Therefore, we’ve added a couple of other registry settings, and these are the changes we’ve made in our remediation:

    1. Remove “HKEY_CLASSES_ROOT\ms-msdt” key (MS recommendation against outsider threat)

    2. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\EnableDiagnostics” (diagnostic tool vs. insider threat)

    3. Disable: “HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}\DownloadToolsEnabled” (troubleshooting tool vs. insider threat)
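
One way to audit, and optionally apply, the three settings above from PowerShell. This is an added example, not Gytpol's or Microsoft's code. It assumes "disable" means a DWORD value of 0 and that `-Remediate` runs in an elevated session; the function name `Test-FollinaHardening` and the backup path are hypothetical.

```powershell
# Added example: audits the three settings listed above. Read-only unless -Remediate is given.
# Assumption: "disabled" means the policy DWORD value is 0.
function Test-FollinaHardening {
    [CmdletBinding()]
    param(
        [switch]$Remediate,
        [string]$BackupPath = "$env:TEMP\ms-msdt-backup.reg"   # hypothetical backup location
    )
    $handler  = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
    $policies = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
           Name = 'EnableDiagnostics' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}'
           Name = 'DownloadToolsEnabled' }
    )

    if ($Remediate) {
        if (Test-Path -LiteralPath $handler) {
            # Export first so the protocol handler can be restored later
            & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
            if ($LASTEXITCODE -ne 0) { throw 'Backup of ms-msdt failed; key left in place.' }
            Remove-Item -LiteralPath $handler -Recurse -Force
        }
        foreach ($p in $policies) {
            if (-not (Test-Path -LiteralPath $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
            New-ItemProperty -LiteralPath $p.Path -Name $p.Name -Value 0 -PropertyType DWord -Force | Out-Null
        }
    }

    # Report the state as it stands after any changes
    [pscustomobject]@{
        Setting   = 'HKEY_CLASSES_ROOT\ms-msdt'
        State     = if (Test-Path -LiteralPath $handler) { 'present' } else { 'absent' }
        Compliant = -not (Test-Path -LiteralPath $handler)
    }
    foreach ($p in $policies) {
        $v = (Get-ItemProperty -LiteralPath $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        [pscustomobject]@{
            Setting   = "$($p.Path)\$($p.Name)"
            State     = if ($null -eq $v) { 'not configured' } else { "$v" }
            Compliant = ($v -eq 0)
        }
    }
}

Test-FollinaHardening | Format-Table -AutoSize -Wrap
```

A policy value reported as "not configured" counts as non-compliant here, because an absent value leaves the Windows default in effect.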

    Gytpol’s Security Configuration Management solution is now supporting both detection and automatic remediation of the Follina vulnerability.

    Our remediation capability is a single button press from a single centralized platform, enabling you to rapidly reduce your attack surface and saving you time. The full continuous visibility which Gytpol provides allows you to know for sure that you are protected from Follina and hundreds of other misconfigurations exploited by hackers.

      About Author

      Simone Lavi