Saturday, June 4, 2022

Zero Day Protocol Handlers Exploit - MSDT (Follina) and Search

Windows 10.

Batch file to remove some protocol handlers that might be used for zero day exploits (uncomment as required).

rem I. Windows Search
rem -----------------

rem link
rem   https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/

rem backup key
rem   reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg

rem delete key
rem   reg delete HKEY_CLASSES_ROOT\search-ms /f

rem restore key
rem   reg import search-ms.reg


rem II. MS DT
rem ---------

rem link
rem   https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/

rem backup
rem   reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg

rem remove
rem   reg delete HKEY_CLASSES_ROOT\ms-msdt /f

rem restore
rem   reg import ms-msdt.reg


No comments:

Post a Comment