These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina).
Both can be programmed better, but this is just to implement it as quickly as possible and I did it without much Python knowledge, but the important part is... it works! Hehe
Step by step ('CVE-2022-30190_temp-fix.exe'):
- Backs up the registry key 'HKEY_CLASSES_ROOT\ms-msdt'.
- Deletes the registry key 'HKEY_CLASSES_ROOT\ms-msdt'.
- Creates a new 'DWORD' registry value called 'EnableDiagnostics' with a value of '0' at the path 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics' to enable a 'Local Group Policy' (this registry value sets the policy called 'Troubleshooting: Allow users to access and run troubleshooting wizards.' as 'Disabled', located at 'Computer Configuration/Policies/Administrative Templates/System/Troubleshooting and Diagnostics/Scripted Diagnostics').
Step by step ('revert_changes.exe'):
- Restores the registry key 'HKEY_CLASSES_ROOT\ms-msdt'.
- Deletes the '.reg' file used to restore it.
- Deletes the registry key which was created before to enable a 'Local Group Policy'.
- Run 'CVE-2022-30190_temp-fix.exe' as administrator, that's all.
- Do not delete the '.reg' file generated because you will need it in the future when Microsoft fixes this vulnerability.
- If you want to undo all changes made, you just have to run 'revert_changes.exe' as administrator.
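The two step lists above, written out as an added example (this is not the source of the compiled scripts). It deletes 'HKEY_CLASSES_ROOT\ms-msdt' only after the backup exists, so a revert stays possible. The function names, the injectable `run` parameter and the backup file name are assumptions made for illustration; the registry work is done with the standard `reg.exe` commands.

```python
import os
import subprocess

MSDT_KEY = r"HKEY_CLASSES_ROOT\ms-msdt"
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics"


def _reg(args, run):
    """Run reg.exe with the given arguments; True when it exits with code 0."""
    return run(["reg", *args], capture_output=True).returncode == 0


def apply_fix(backup_path, run=subprocess.run):
    """Back up and delete the ms-msdt key, then set EnableDiagnostics to 0.

    The key is deleted only after the export succeeded and left a non-empty
    file on disk. `run` is injectable (hypothetical parameter) so the order
    of operations can be tested without touching a real registry.
    """
    if not _reg(["export", MSDT_KEY, backup_path, "/y"], run):
        raise RuntimeError("backup of ms-msdt failed; nothing was changed")
    if not os.path.isfile(backup_path) or os.path.getsize(backup_path) == 0:
        raise RuntimeError("backup file missing or empty; nothing was changed")
    if not _reg(["delete", MSDT_KEY, "/f"], run):
        raise RuntimeError("could not delete ms-msdt (run as administrator)")
    if not _reg(["add", POLICY_KEY, "/v", "EnableDiagnostics",
                 "/t", "REG_DWORD", "/d", "0", "/f"], run):
        raise RuntimeError("could not set the EnableDiagnostics value")
    return ["backup", "delete", "policy"]


def revert(backup_path, run=subprocess.run):
    """Re-import ms-msdt, remove the policy value, then delete the backup."""
    if not os.path.isfile(backup_path):
        raise RuntimeError("backup .reg file not found; cannot restore ms-msdt")
    if not _reg(["import", backup_path], run):
        raise RuntimeError("import failed; backup file kept")
    _reg(["delete", POLICY_KEY, "/v", "EnableDiagnostics", "/f"], run)
    os.remove(backup_path)  # removed only after a successful import
    return ["restore", "policy-removed", "backup-deleted"]


if __name__ == "__main__" and os.name == "nt":
    print(apply_fix("ms-msdt_backup.reg"))  # constructed file name
```
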
In most cases it will be detected by the AV as a threat because none of the '.exe' files are signed, so you can add an exception or just disable it for a moment.
Here are the links to the updates: