Protocol vulnerabilities in Windows
In recent days, a group of security researchers has revealed an important vulnerability that affects the Microsoft support tool. It affects essentially all versions of the operating system, both client and server. The tool comes with Windows by default.
The vulnerability exploits a bug in the Microsoft system protocols. On success, an attacker could execute arbitrary code, with permissions as if they were actually the legitimate system administrator. This could allow the attacker to install programs, delete data, make changes to the Windows Registry, etc.
Now, can we avoid this problem? Microsoft has released a solution, at least a partial one, for this bug. To apply it, go to Start, open the Terminal or Command Prompt with administrator permissions and run the following command:
reg export HKEY_CLASSES_ROOT\ms-msdt regbackupmsdt.reg
This command creates a backup of the ms-msdt key. Next, run a second command to delete the key.
If you need to undo the change later, you can restore the key using reg import regbackupmsdt.reg.
In addition, Microsoft recommends enabling Windows Defender cloud protection and automatic sample submission.
Use Group Policy
Another alternative to avoid this type of problem is to use Windows Group Policy. To do this, go to Start and run gpedit.msc. Once inside, follow these steps to reach the necessary setting:
- Computer Configuration
- Administrative Templates
- Troubleshooting and Diagnostics
- Scripted Diagnostics
Once there, double-click the first option and select Disabled. From then on it will block users and will not allow them to take advantage of this problem.
Another option available to you is to use the Windows Registry Editor. The goal is the same, although the steps are different. This also lets you avoid problems with these vulnerabilities, at least as a partial solution.
In this case, follow these steps to reach the destination:
- Registry Editor
If ScriptedDiagnostics does not exist, you will have to create it. To do this, right-click and create a new DWORD (32-bit) value. Make sure that the value is 0.
Once this is done, restart the computer to make sure that the changes have been applied correctly. It is a quick and easy process, and after it the system will be configured correctly.
In short, as you have seen, these are some steps you can take to protect Windows from the latest protocol vulnerabilities. In addition, it is essential to always keep the system updated. This way you can correct many more problems that may arise. There are many vulnerability scanners and it is important to avoid them.