Microsoft recently announced the discovery of a zero-day ransomware in its Microsoft Support Diagnostic Tool (MSDT). The remote, unauthenticated hacker could gain access to critical accounts via malicious attachments or malicious links. As always, do not click on links or open attachments unless you are sure the sender is who they say they are. Companies have reported ransomware infections after employees clicked a pdf attachment or link. We advise everyone to be especially cautious when receiving ACH or payment requests.

Often times, attackers will gain access through these attachments, rather than put malicious code directly in the infected attachments, then change the account numbers and request an ACH payment. At this time, Microsoft has not released a patch for this vulnerability, though one is expected in the coming days.


If you are an LBMC Technology Solutions’ client with a TechCare Managed Services support agreement, a temporary workaround resolution for the vulnerability has been pushed out and official Microsoft patches will be deployed to all covered devices when they are available. If you are not a TechCare Managed Service client but have questions about this vulnerability, reach out to us at

Watch the On-Demand Social Engineering Seminar