Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability

A high* level remote code execution vulnerability has been announced by Microsoft.

The remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

Affected Systems

Products listed below are thought to be affected:

IoC’s

-

Recommended Solution(s)

Organizations using the above-mentioned products are recommended to apply applicable hotfixes listed below:

Although Microsoft has released a workaround and applicable hotfixes, there are unconfirmed reports that even fully patched systems can be exploited. Therefore it’s recommended that applicable precautions should be implemented on antivirus solutions such as preventing Office executables to run other executable files in a controlled manner.

CVE / CWE

CVE-2022-30190

Related Website(s)

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190
• https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.