Follina: MSDT RCE via malicious Office documents requiring no macros. Disable the MSDT URL protocol as an immediate workaround. Actively exploited by APT groups. Apply June 2022 patches when available.
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. Microsoft Support Diagnostic Tool Follina vulnerability.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →