High Threat Security Alert (A22-05-17): Vulnerability in Microsoft Windows

Description:

Microsoft has released an out-of-band security advisory to address the vulnerability in Microsoft Diagnostic Tool (MSDT) being called via the URL protocol from a calling application such as Word. An attacker exploiting the vulnerability could install programs, view, change, delete data, or create new accounts in the context allowed by the user’s rights.

Reports indicate that a remote code execution vulnerability (CVE-2022-30190) in Microsoft Windows and Server is being actively exploited. Patches are yet to be available but Microsoft has provided a workaround to mitigate the risk. System administrators are advised to observe the advisory and immediately apply the recommended workaround to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft Windows 7, 8.1, RT 8.1, 10, 11
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
• Microsoft Windows Server, version 20H2

Impact:

A successful attack could lead to remote code execution on an affected system.

Recommendation:

While patches for affected products are yet available, temporary measure is provided by Microsoft to mitigate the risk of exploitation. Users of affected systems should follow the provided recommendation in the following URL and take immediate actions to mitigate the risk.

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

More Information:

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
• https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
• https://www.hkcert.org/security-bulletin/microsoft-products-remote-code-execution-vulnerability_20220531
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190