Mitigation of the 'Follina' vulnerability in Microsoft Support Diagnostic Tool (MSDT)
Microsoft recently issued CVE-2022-30190 regarding a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows, also known as the 'Follina' vulnerability. This allows attackers to exploit the MSDT software that is built into Microsoft Office products to take control of a system. Illumina is currently investigating the scope and impact of this vulnerability on Illumina platforms, and will provide updates as they become available.
Current Mitigation Strategy
Illumina does not recommend installing third party software on Illumina sequencing instruments, so the primary mitigation strategy is to remove Microsoft Office software where possible.
If Microsoft Office software products are required for a typical workflow, Illumina's current recommended guidance is to disable the MSDT URL protocol through the command line using the following instructions:
Run Windows Command Prompt as Administrator.
To back up the registry key, execute the command:
“reg export HKEY_CLASSES_ROOT\ms-msdt filename“
Execute the command:
“reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
More information on the vulnerability and this mitigation can be found here:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
For any feedback or questions regarding this article (Illumina Knowledge Article #6710), contact Illumina Technical Support techsupport@illumina.com.
Last updated