Hackers can now HACK you with just a Word Document! | Zero-Day Exploit!

Tech Raj
Tech Raj
97,457
0
Published 2022-06-04
Create your own native application from your website in minutes with AppMySite (no coding required): www.appmysite.com/?utm_source=youtube&utm_medium=s…

This is the recently discovered Follina exploit which is assigned as CVE-2022-30190. It allows the hacker to get a Remote Code Execution (RCE) on your computer. In-order to trigger this exploit, the user need not even open the maldoc, he/she just needs to preview it!
The vulnerability lies in the MS-MSDT URL protocol - Windows blindly executes code when this protocol is used along with some parameters and a powershell expression.

DISCLAIMER
This video is made only for educational purposes and to bring awareness in viewers about this zero day exploit, and it contains instructions on how to protect yourself from it. So take it the right away, do not use it on anyone without their consent. This is a serious thing.

Check out John Hammond's video for a more in-depth explanation about this exploit:    • Exploiting MSDT 0-Day CVE-2022-30190  

A workaround for this vulnerability is to disable MSDT URL protocol on your computer. In-order to do that:
1. Open cmd as administrator
2. Backup your registry key with the command: reg export HKEY_CLASSES_ROOT\ms-msdt filename
3. Disable MSDT: reg delete HKEY_CLASSES_ROOT\ms-msdt /f

This should make you invulnerable to this exploit until the patch releases.

Stay safe guys!
Thanks for watching!
SUBSCRIBE for more videos!

Join my Discord: discord.gg/6TjBzgt
Follow me on Instagram: instagram.com/teja.techraj
Website: techraj156.com/​​​​​
Blog: blog.techraj156.com/

#zeroday
All Comments (21)
  • @TechRaj156
    Check out my FREE course on SQL Injection for Beginners, you also get a completion certificate: bit.ly/3MTMQ2Q
  • @_JohnHammond
    Thanks so much for the shout-out, and especially thanks for showcasing the PoC! 🥰
  • @adisonmasih
    Damn. Never Thought About RTF & Preview Pane! Thanks A Lot For Keeping Us Updated.
  • @lancemadrazo
    Your channel is too underrated, you'd make the next Jim Browning. Hell, your almost just as good as him
  • @gatorrade1680
    For anyone who is wondering: You can undo the workaround with this command "reg import backupregistry" Great video as allways, Raj 😎
  • @sher.5027
    Thanks for informing with short and best explanation. I liked, shared and subscribed. :)
  • @psylingames8371
    He’s so smart and knowledgeable. You earned a subscription!
  • @techywarrior1190
    again awesome video as always , also please make a update video on yoyr rig as market crashes
  • @_GhostMiner
    0:20 does this work only work when you have preview window enabled? I use details instead of preview.
  • @harshjain8345
    Loving the consistency and the content as well! Keep them coming! Also.. seems like your shadow ban is removed since one of your videos got good amount of views within 2 weeks of uploading !
  • @danixunboxing
    Amazing Video bro, learned a lot from this best explanation on MSDT vulnerability. Big Love from Pakistan..
  • @jacskyline
    Thanks for the video. I have a question. The direct execution on preview mode on Windows Explorer only occurs on rtf formats?
  • @bashdante3333
    it will be a good idea if i try the last part of this video on work's computer?
  • @leophysics
    Is that macro vunrability . Is it work if macro is off?