Serious security vulnerability in Office/Windows

There is a new software vulnerability in Microsoft products that is being actively exploited. What makes it particularly dangerous is that it can be exploited without user intervention.

Current virus scanners recognize the danger.

So far, the only workaround is to disable msdt. This is done automatically on Windows computers that are in the Active Directory tu-dortmund.de and in the TU network or VPN.

For all other Windows computers, the following options are available. Administrative rights are required for both.

  1. Open the command line cmd.exe as admin and execute this command. It prevents the dangerous URL from being opened at all:
     reg delete HKEY_CLASSES_ROOT\ms-msdt /f
  2. Open the command line cmd.exe as admin and run this command (without line breaks). It prevents the vulnerable tool msdt.exe from running the malicious command:
     reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics" /v EnableDiagnostics /t REG_DWORD /d 0 /f
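
To confirm on a given computer that one of the two workarounds above is in place, the following read-only check can be run in PowerShell. It is an added example, not part of the original notice; the function names are made up for this illustration, and it assumes the two commands are alternatives, so either one counts as mitigated.

```powershell
# Added example: read-only check of the two msdt workarounds listed above.
# It only reads the registry and changes nothing. Function names are hypothetical.

function Test-MsdtProtocolRemoved {
    # Workaround 1: the ms-msdt URL handler key must no longer exist.
    # HKEY_CLASSES_ROOT has no default PowerShell drive, so the provider path is used.
    -not (Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\ms-msdt')
}

function Test-DiagnosticsDisabled {
    # Workaround 2: the policy value EnableDiagnostics must exist and be 0.
    # A missing key or missing value counts as "not disabled".
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
    $prop = Get-ItemProperty -LiteralPath $key -Name 'EnableDiagnostics' -ErrorAction SilentlyContinue
    ($null -ne $prop) -and ($prop.EnableDiagnostics -eq 0)
}

function Get-MsdtWorkaroundStatus {
    $protocolRemoved = Test-MsdtProtocolRemoved
    $diagDisabled    = Test-DiagnosticsDisabled
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ProtocolKeyRemoved  = $protocolRemoved
        DiagnosticsDisabled = $diagDisabled
        # Assumption: the two commands are alternatives, so either one is enough.
        Mitigated           = $protocolRemoved -or $diagDisabled
    }
}

$status = Get-MsdtWorkaroundStatus
$status | Format-List

if (-not $status.Mitigated) {
    Write-Warning 'Neither msdt workaround is in place on this computer.'
}
```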

Information from BSI
Information from Microsoft