SECURITY ALERTS

A Vulnerability (CVE-2022-30190) in Microsoft Support Diagnostic Tool Allows Arbitrary Code Execution

DESCRIPTION:
Microsoft Support Diagnostic Tool (MSDT) is a tool in the Windows operating system that Microsoft Support uses to help diagnose Windows problems.
A high-risk vulnerability (CVE-2022-30190), known as Follina, exists in MSDT. When MSDT is called using the URL protocol from a calling application such as Word, an attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

 

AFFECTED RELEASES:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates available at the following URL:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
2. If you cannot update to the latest version, refer to the official Microsoft webpage and temporarily disable the MSDT URL protocol:
(1) Run Command Prompt as Administrator.
(2) To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename".
(3) Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
(4) To restore the registry key, execute the command "reg import filename".
3. Update your anti-virus signatures.
4. Watch for suspicious emails, confirm that they are legitimate, and do not click links or open attachments in them.
5. Strengthen internal awareness campaigns and improve personnel security awareness to prevent attackers from using email for social engineering attacks.
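
The workaround in step 2, written as a PowerShell script that refuses to delete the key unless the export succeeded (an added example, not part of the original advisory or of Microsoft's guidance). The parameter names and the C:\RegBackup directory are assumptions; the registry key and the reg commands are those given in step 2.

```powershell
# Added example: apply the ms-msdt workaround with a verified backup.
# $BackupDir is a hypothetical location; the key and reg commands come from the advisory.
param(
    [string]$BackupDir = "C:\RegBackup",
    [switch]$Restore,
    [string]$RestoreFile
)

$KeyReg = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPs  = "Registry::$KeyReg"

# Step (1): the reg commands below require an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated (Administrator) session."
}

if ($Restore) {
    # Step (4): restore the handler from a previously exported file.
    if (-not $RestoreFile -or -not (Test-Path -LiteralPath $RestoreFile)) { throw "Backup file not found: $RestoreFile" }
    & reg.exe import $RestoreFile
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
    Write-Output "Restored $KeyReg from $RestoreFile"
    return
}

if (-not (Test-Path -LiteralPath $KeyPs)) {
    Write-Output "$KeyReg is not present; the ms-msdt URL protocol is already disabled."
    return
}

# Step (2): export the key and confirm the backup exists before deleting anything.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("ms-msdt_{0}_{1:yyyyMMdd-HHmmss}.reg" -f $env:COMPUTERNAME, (Get-Date))
& reg.exe export $KeyReg $backup /y
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup) -or (Get-Item -LiteralPath $backup).Length -eq 0) {
    throw "Backup of $KeyReg failed; the key was not deleted."
}

# Step (3): delete the protocol handler, then verify it is gone.
& reg.exe delete $KeyReg /f
if ($LASTEXITCODE -ne 0 -or (Test-Path -LiteralPath $KeyPs)) {
    throw "Failed to delete $KeyReg"
}
Write-Output "Deleted $KeyReg; backup saved to $backup"
```

Run it with no arguments to apply the workaround, or with -Restore -RestoreFile and the path of the exported file to undo it after the security update is installed.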

 

REFERENCE:
1. https://www.ithome.com.tw/news/151211
2. https://www.ithome.com.tw/news/151238
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
4. https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
5. https://support.microsoft.com/zh-tw/office/office-%E7%9A%84%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F%E9%98%B2%E8%AD%B7-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
 
