This seems to have been gaining traction with exploitations now being seen in the wild
’A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.’
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
+7Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
+21Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+11Great
[Microsoft MVP | Veeam Legend 6* | VMware vExpert 5* | Cisco Champion 3* | Object First Ace]
+13How it’s exploited here, the big and awesome John Hammond
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+11Chris.Childerhose wrote:
Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Chris.Childerhose wrote:
Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Yes, this is the right way to go about it right now. Individual registry tweak on a PC can help as well. I also think that antivirus providers are also very slow in providing rules that can block these exploits.
[Microsoft MVP | Veeam Legend 6* | VMware vExpert 5* | Cisco Champion 3* | Object First Ace]
1 person likes this
+11The step by step workaround for the MSDT vulnerability can be found on this page:
[Microsoft MVP | Veeam Legend 6* | VMware vExpert 5* | Cisco Champion 3* | Object First Ace]
1 person likes this
Comment
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.