On Monday, Microsoft’s Security Response Center issued an advisory on CVE-2022-30190, a newly discovered zero-day vulnerability that may enable threat actors to run arbitrary code with user-level rights. According to the note, the vulnerability is related to the in-app calling of MSDT (Microsoft Support Diagnostic Tool) via a URL protocol. Microsoft is currently working on a permanent fix, but no timeline has been made available. In the meantime, Microsoft advises users to implement workarounds.
What is CVE-2022-30190?
CVE-2022-30190 is a remote code execution vulnerability found to affect hosts that call upon MSDT from applications such as Word or Excel. Upon interaction, the user is redirected to Microsoft Support via a URL protocol. During data transmission, an interceding threat actor could obtain local user privileges in order to run malicious arbitrary code on the host machine.
Furthermore, according to Microsoft, if successfully exploited, the vulnerability would grant an attacker the same type of privileges (e.g., delete data, modify data, view data, or create a new account) as the ‘calling’ application. To date, there is no official fix for the MSDT vulnerability. Microsoft has made available several workarounds: temporary fixes that can prevent in-application calling.
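One way to hunt for the behaviour described above, an Office application launching MSDT, is sketched below as an added example that is not part of the original article or Microsoft's advisory. It assumes process-creation records exported as JSON lines with Sysmon-style `Image` and `ParentImage` fields; the host names and sample events are constructed for illustration.

```python
import json
import ntpath

# Assumption: Office host binaries to watch; the article names Word and Excel.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
MSDT_IMAGE = "msdt.exe"


def _basename(path):
    """Lower-cased executable name from a Windows path; '' if absent or not text."""
    if not isinstance(path, str):
        return ""
    return ntpath.basename(path.strip().strip('"')).lower()


def find_office_msdt_launches(lines):
    """Return the events in which an Office application is the parent of msdt.exe."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed records rather than abort the sweep
        if not isinstance(event, dict):
            continue
        child = _basename(event.get("Image"))
        parent = _basename(event.get("ParentImage"))
        if child == MSDT_IMAGE and parent in OFFICE_PARENTS:
            hits.append(event)
    return hits


# Constructed sample events (not real telemetry): mixed case, a quoted path,
# a benign Explorer launch, an unrelated Office child, a broken line, a missing parent.
SAMPLE_LOG = r'''
{"Host": "WS-01", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"Host": "WS-02", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"Host": "WS-03", "Image": "C:\\WINDOWS\\system32\\MSDT.EXE", "ParentImage": "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE\""}
{"Host": "WS-04", "Image": "C:\\Windows\\splwow64.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
not json at all
{"Host": "WS-05", "Image": "C:\\Windows\\System32\\msdt.exe"}
'''.strip().splitlines()

if __name__ == "__main__":
    for e in find_office_msdt_launches(SAMPLE_LOG):
        print(e["Host"], e["ParentImage"], "->", e["Image"])
```

MSDT started from Explorer (WS-02) is left alone because users can open the troubleshooter themselves; only the Office-parented launches on WS-01 and WS-03 are reported.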
Per Microsoft’s advisory, disabling the MSDT