Saturday, June 4, 2022

Zero Day Protocol Handlers Exploit - MSDT (Follina) and Search

Windows 10.

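Batch file to remove some protocol handlers that might be used for zero-day exploits. Each section backs up the registry key, deletes it, and can restore it from the backup; uncomment the commands as required.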

rem I. Windows Search
rem -----------------

rem link

rem backup key
rem   reg export HKEY_CLASSES_ROOT\search-ms search-ms.reg

rem delete key
rem   reg delete HKEY_CLASSES_ROOT\search-ms /f

rem restore key
rem   reg import search-ms.reg

rem II. MSDT
rem --------

rem link

rem backup
rem   reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg

rem remove
rem   reg delete HKEY_CLASSES_ROOT\ms-msdt /f

rem restore
rem   reg import ms-msdt.reg
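
The same steps as a runnable script, as an added example that is not part of the original post: it reports whether each handler is registered, deletes a key only after its export succeeded, and restores from the backup files. The mode argument (`status`, `remove`, `restore`) and the label names are assumptions of this example; run it from an elevated prompt in the directory where the backups should live.

```batch
@echo off
rem Added example: status / remove / restore for the search-ms and ms-msdt handlers.
rem Usage (hypothetical file name): handlers.cmd [status|remove|restore]
setlocal
set "MODE=%~1"
if not defined MODE set "MODE=status"

rem Reject anything that is not one of the three labels below.
if /i not "%MODE%"=="status" if /i not "%MODE%"=="remove" if /i not "%MODE%"=="restore" (
  echo usage: %~nx0 [status^|remove^|restore]
  exit /b 2
)

for %%H in (search-ms ms-msdt) do call :%MODE% %%H
exit /b 0

:status
rem reg query returns 0 only when the key exists.
reg query "HKEY_CLASSES_ROOT\%~1" >nul 2>&1
if errorlevel 1 (echo %~1: handler not registered) else (echo %~1: handler PRESENT)
exit /b 0

:remove
reg query "HKEY_CLASSES_ROOT\%~1" >nul 2>&1
if errorlevel 1 (echo %~1: nothing to remove & exit /b 0)
rem Back up first; /y overwrites an older backup without prompting.
reg export "HKEY_CLASSES_ROOT\%~1" "%~1.reg" /y >nul
if errorlevel 1 (echo %~1: backup failed, key left in place & exit /b 1)
reg delete "HKEY_CLASSES_ROOT\%~1" /f >nul
if errorlevel 1 (echo %~1: delete failed, is the prompt elevated? & exit /b 1)
rem Confirm the key is really gone before reporting success.
reg query "HKEY_CLASSES_ROOT\%~1" >nul 2>&1
if errorlevel 1 (echo %~1: removed, backup in %~1.reg) else (echo %~1: still present)
exit /b 0

:restore
if not exist "%~1.reg" (echo %~1: no backup file %~1.reg in this directory & exit /b 1)
reg import "%~1.reg"
exit /b
```

Running it with `status` after `remove` should report both handlers as not registered; keep the two `.reg` files until the handlers are no longer needed or have been restored.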

