A recently discovered zero-day vulnerability affects all modern versions of Windows, including Windows 10 and Windows 11. The vulnerability, known as “Follina”, makes use of ms-msdt, the special URL protocol that Windows uses for system diagnostics through the Microsoft Support Diagnostic Tool (MSDT). When a specially crafted Microsoft Word file is opened on Windows, it uses this URL protocol to launch applications and might execute malicious instructions.
To mitigate the vulnerability until Microsoft releases the next update, Microsoft has given instructions to disable the MSDT URL protocol altogether on Windows.
Here is how you can disable the ms-msdt URL protocol on Windows in two different ways:
Disable MSDT URL Using Windows Registry Editor
- Launch Windows Registry Editor by pressing Win+R, typing regedit and pressing Enter.
- In the Registry Editor, navigate to HKEY_CLASSES_ROOT\ms-msdt.
- Right-click on the ms-msdt key and choose Export. Provide a filename to save a backup of the key to.
- Right-click on the ms-msdt key again and choose Delete from the menu. This deletes the key and, with it, disables the MSDT URL protocol.
Disable MSDT URL Using Command Prompt
- Press the Win+X hotkey and then select Command Prompt (Admin) from the menu. You can also choose PowerShell (Admin) if “Command Prompt” is not available.
- In the command prompt, give the following command to back up the MSDT protocol key:
reg export HKCR\ms-msdt D:\Backup\msdt.reg
- To disable the MSDT URL protocol, give the following command:
reg delete HKCR\ms-msdt
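An added PowerShell example, not part of the original instructions or of Microsoft's guidance: it runs the same backup and delete steps from an elevated PowerShell session, but refuses to delete the key unless the export succeeded, and confirms afterwards that the handler is gone. The -AuditOnly switch, the timestamped file name and the default D:\Backup folder are assumptions of this example.

```powershell
# Added example: audit and apply the ms-msdt mitigation with a verified backup.
# $BackupDir is an assumed location; change it to suit your system.
param(
    [string]$BackupDir = 'D:\Backup',
    [switch]$AuditOnly          # report the current state only, change nothing
)

$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'   # provider path for Test-Path
$RegKey  = 'HKCR\ms-msdt'                           # same key, reg.exe syntax

function Test-MsdtHandler { Test-Path -LiteralPath $KeyPath }

if (-not (Test-MsdtHandler)) {
    Write-Output 'ms-msdt handler is not registered; the protocol is already disabled.'
    return
}
Write-Output 'ms-msdt handler is registered.'
if ($AuditOnly) { return }

# Deleting from HKEY_CLASSES_ROOT needs an elevated session.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Admin) PowerShell session.'
}

# Step 1: back up the key, and make sure the backup really exists.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$BackupFile = Join-Path $BackupDir ('msdt-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $RegKey $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupFile) -or
    (Get-Item -LiteralPath $BackupFile).Length -eq 0) {
    throw 'Backup failed; the ms-msdt key was NOT deleted.'
}

# Step 2: delete the key (/f skips the interactive confirmation prompt).
& reg.exe delete $RegKey /f | Out-Null
if ($LASTEXITCODE -ne 0 -or (Test-MsdtHandler)) {
    throw 'Delete failed; the ms-msdt handler is still registered.'
}
Write-Output "ms-msdt handler removed. Backup saved to $BackupFile"
```

Running the script with -AuditOnly on a machine reports whether the protocol handler is still registered without requiring elevation or changing anything.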
Restore MSDT URL Protocol from Backup
To restore the MSDT URL protocol, you can use the backup file that you created using either of the above methods. You can simply double-click on that file and merge it with the registry, or you can give the following command to merge it:
reg import D:\Backup\msdt.reg
In either case, the MSDT URL protocol is once again enabled on your system. If you choose to re-enable it, you should ensure that you are running the latest updated version of Windows and have good antivirus software installed.