Advice on the ‘Follina’ Microsoft Support Diagnostic Tool vulnerability

Published date:

Vulnerability Image

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

The NCSC is aware of a remote code execution vulnerability affecting Microsoft Support Diagnostic Tool. This vulnerability is addressed in the CVE-2022-30190 security update.  

Microsoft have provided further information on the 'Follina' Microsoft Support Diagnostic Tool vulnerability.  There are a number of mitigations organisations should have in place, including updating to the latest updates and anti-virus. 

We recommend following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest updates as soon as practicable. 

More information and mitigations can be found at: