This seems to have been gaining traction with exploitations now being seen in the wild
’A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.’
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
+7Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
+21Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+11Great
[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
+12How it’s exploited here, the big and awesome John Hammond
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+12Thanks for sharing,
Wolfgang | vnote42.net | @vNote42
+11Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Yeah seems like a nasty one for Word. Hopefully they patch it soon but I think there is a workaround via GPO.
Yes, this is the right way to go about it right now. Individual registry tweak on a PC can help as well. I also think that antivirus providers are also very slow in providing rules that can block these exploits.
[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
+11The step by step workaround for the MSDT vulnerability can be found on this page:
[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.