Issued: Wednesday, 1 June, 2022 |
Last Revision: Wednesday, 1 June, 2022 |
Vendor: |
|
Severity Level: |
Microsoft Support Diagnostic Tool (MSDT) has been found to have a vulnerability that might allow arbitrary code execution. MSDT gathers data from Windows and Windows Server hosts and sends it to Microsoft Support.
MSDT can be accessed via the URL protocol from a calling application such as Word, allowing an attacker to execute arbitrary code with the user's rights.
The successful exploitation of this vulnerability could lead to the execution of arbitrary code. An attacker might then install programs, read, alter, or remove data, or create new accounts with full user rights, depending on the privileges associated with the user. Users whose accounts are set up with fewer user privileges on the system may be less affected than those with administrative user rights.
This vulnerability, named "Follina" and tracked as CVE-2022-30190, has been widely disclosed and exploited. Attackers are able to execute arbitrary code through the use of malicious Word documents.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-30190 | Remote Code Execution Vulnerability | 7.8 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2022-30190 | Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 11 for ARM64-based Systems; Windows 11 for x64-based Systems; Windows Server, version 20H2 (Server Core Installation); Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows Server 2022 Azure Edition Core Hotpatch; Windows Server 2022 (Server Core installation); Windows Server 2022; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
Table 2: Vulnerable versions
There is no official fix from Microsoft available for this vulnerability right now. Organizations may apply the workaround released by Microsoft for temporary protection, which disables the MSDT URL protocol and thus prevents exploitation. Please refer to the links in the references for the workaround suggested by Microsoft.
After Microsoft issues a patch for CVE-2022-30190, you can undo the changes applied through the workaround. To reverse the workaround, open a command prompt in elevated mode and type "reg import filename" (filename is the name of the registry backup created when disabling the protocol).
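While no patch is available, process-creation logs can be checked for MSDT being started from a calling application such as Word, the pattern described above. The following is an added example, not part of the original advisory or Microsoft's guidance; the event fields (pid, ppid, image), the list of Office image names and the sample records are assumptions constructed for illustration.

```python
"""Added example: flag msdt.exe processes that descend from an Office application."""
from ntpath import basename  # parses Windows-style paths on any OS

# Assumption: Office host images treated as "calling applications".
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"


def _name(image_path):
    """Lower-cased file name of a full Windows image path."""
    return basename(image_path).lower()


def find_office_msdt_launches(events, max_depth=5):
    """Return one finding per msdt.exe process that has an Office ancestor.

    events: list of dicts with keys pid, ppid, image (process-creation
    records, for example exported from an endpoint logging tool).
    max_depth bounds the ancestry walk so a malformed log cannot loop forever.
    """
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if _name(e["image"]) != MSDT_IMAGE:
            continue
        chain, cur = [], e
        for _ in range(max_depth):
            parent = by_pid.get(cur["ppid"])
            if parent is None:  # ancestor not present in this log window
                break
            chain.append(_name(parent["image"]))
            if chain[-1] in OFFICE_IMAGES:
                findings.append({"pid": e["pid"],
                                 "office_ancestor": chain[-1],
                                 "chain": [MSDT_IMAGE] + chain})
                break
            cur = parent
    return findings


# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msdt.exe"},
    # A troubleshooter started by the user from the shell: not flagged.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\msdt.exe"},
]

if __name__ == "__main__":
    for f in find_office_msdt_launches(SAMPLE_EVENTS):
        print(f"ALERT pid={f['pid']} chain={' <- '.join(f['chain'])}")
```

PIDs can be reused over long log windows, so in practice the lookup should be keyed on a per-process unique identifier where the log source provides one.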
