
Author Topic: Active Windows Exploit  (Read 576 times)

Offline John Z

  • Member
  • *
  • Posts: 447
Active Windows Exploit
« on: June 01, 2022, 12:48:55 pm »
This one seems fairly severe so I'm hoping the link and information are useful to forum members.
From Ars Technica:

https://arstechnica.com/information-technology/2022/05/code-execution-0day-in-windows-has-been-under-active-exploit-for-7-weeks/
From the article:
"
    Run Command Prompt as Administrator.
    To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
    Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
"

as in
C:\>reg export HKEY_CLASSES_ROOT\ms-msdt c:\temp\ms_mdt_reg.reg

then

C:\>reg delete HKEY_CLASSES_ROOT\ms-msdt /f

OR (my suggestion, instead of delete, ONLY if you know how) is to just rename ms-msdt
(obligatory warning: DOING something WRONG in regedit can totally disable your system)

as in

HKEY_CLASSES_ROOT\ZZZms-msdt


John Z
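
An added example, not part of the original post or the quoted article: a PowerShell wrapper around the export/delete steps above that refuses to delete unless the backup was written, reports the current state, and restores the key once the workaround is no longer needed. The backup path and the `Status`/`Apply`/`Undo` action names are assumptions; run it from an elevated prompt.

```powershell
# Added example: apply, check or undo the ms-msdt workaround quoted above.
# $BackupFile is an assumed location; change it to suit your system.
param(
    [ValidateSet('Status', 'Apply', 'Undo')]
    [string]$Action = 'Status',
    [string]$BackupFile = 'C:\temp\ms-msdt-backup.reg'
)

$KeyName = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath = "Registry::$KeyName"

# True while the ms-msdt protocol handler is registered.
function Test-Handler { Test-Path -LiteralPath $KeyPath }

switch ($Action) {
    'Status' {
        if (Test-Handler) { 'ms-msdt handler is registered (workaround not applied).' }
        else              { 'ms-msdt handler is absent (workaround applied).' }
        if (Test-Path -LiteralPath $BackupFile) { "Backup found: $BackupFile" }
    }
    'Apply' {
        if (-not (Test-Handler)) { 'Nothing to do: key already absent.'; break }
        $dir = Split-Path -Parent $BackupFile
        if ($dir -and -not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        # Export first, and refuse to delete unless the backup is really on disk.
        & reg.exe export $KeyName $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile) -or
            (Get-Item -LiteralPath $BackupFile).Length -eq 0) {
            throw "Backup failed; $KeyName was left untouched."
        }
        & reg.exe delete $KeyName /f | Out-Null
        if (Test-Handler) { throw "Delete failed; $KeyName is still present." }
        "Removed $KeyName; backup saved to $BackupFile"
    }
    'Undo' {
        if (Test-Handler) { 'Nothing to do: key is already present.'; break }
        if (-not (Test-Path -LiteralPath $BackupFile)) { throw "No backup at $BackupFile." }
        & reg.exe import $BackupFile | Out-Null
        if (-not (Test-Handler)) { throw 'Import ran but the key is still missing.' }
        "Restored $KeyName from $BackupFile"
    }
}
```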

Offline bitcoin

  • Member
  • *
  • Posts: 154
Re: Active Windows Exploit
« Reply #1 on: June 25, 2022, 05:31:32 pm »
This is Follina? Office exploit? It's already patched.

Offline John Z

  • Member
  • *
  • Posts: 447
Re: Active Windows Exploit
« Reply #2 on: June 26, 2022, 11:38:43 am »
Yes, just patched last week as I recall.  I undid the temporary 'fix'.

Still have not seen or heard a 'fix' for the Print Spooler hack.
I keep mine disabled unless I am going to print.

John Z