Front Page: NCSC-FI

New vulnerability in a Microsoft tool enables attacks using malicious Microsoft Office documents

Vulnerability 10/2022, CVSS 7.8

A new zero-day vulnerability has been detected in the Microsoft Support Diagnostic Tool. It enables remote code execution by means of malicious Microsoft Word documents. Microsoft released a fix on 14.6., and it should be installed as soon as possible.

The vulnerability has been given the identifier CVE-2022-30190 and assigned a CVSS3 score of 7.8. The vulnerability can be exploited if the victim just previews a malicious document in Microsoft Explorer or opens a document that contains malicious code. Microsoft’s “Protected View” and “Application Guard” provide protection against the vulnerability.

Some malware detection tools can detect attempts to exploit the vulnerability. These include Microsoft Defender Antivirus and Microsoft Defender for Endpoint.
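A complementary hunt over your own process-creation logs, as an added example that is not part of the NCSC-FI advisory: it flags launches of msdt.exe (the executable of the Microsoft Support Diagnostic Tool) that have an Office application as parent or ancestor. The event shape is modelled on Sysmon process-creation (Event ID 1) records; the list of Office executables, the function names and all sample events are assumptions constructed for illustration.

```python
import json
import ntpath

# Assumed list of Office parent executables; extend it for your own estate.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"  # executable of the Microsoft Support Diagnostic Tool

# Constructed sample events, shaped like Sysmon process-creation (Event ID 1) records.
SAMPLE_EVENTS = r"""
{"UtcTime": "2022-06-01 08:00:01", "ProcessGuid": "W1", "ParentProcessGuid": "X1", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe"}
{"UtcTime": "2022-06-01 08:00:05", "ProcessGuid": "M1", "ParentProcessGuid": "W1", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"UtcTime": "2022-06-01 09:10:00", "ProcessGuid": "M2", "ParentProcessGuid": "X1", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"UtcTime": "2022-06-01 10:20:00", "ProcessGuid": "C1", "ParentProcessGuid": "E1", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"UtcTime": "2022-06-01 10:20:02", "ProcessGuid": "M3", "ParentProcessGuid": "C1", "Image": "C:\\Windows\\System32\\msdt.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
"""


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the analysis host's OS."""
    return ntpath.basename(path).lower()


def find_office_spawned_msdt(lines):
    """Return msdt.exe launches that have an Office application as parent or ancestor."""
    events = [json.loads(line) for line in lines if line.strip()]
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for event in events:
        if image_name(event["Image"]) != MSDT_IMAGE:
            continue
        node, seen = event, set()
        # Walk up the tree; ParentImage lets us test a parent whose own event is missing.
        while node is not None and node["ProcessGuid"] not in seen:
            seen.add(node["ProcessGuid"])
            parent = image_name(node["ParentImage"])
            if parent in OFFICE_IMAGES:
                hits.append({"UtcTime": event["UtcTime"],
                             "ProcessGuid": event["ProcessGuid"],
                             "office_ancestor": parent})
                break
            node = by_guid.get(node["ParentProcessGuid"])
    return hits


if __name__ == "__main__":
    for hit in find_office_spawned_msdt(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

The launch with explorer.exe as parent (M2) is deliberately not flagged, so the rule stays quiet when the tool is started outside Office.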

Exploitation of the vulnerability has already been detected, which means that great caution should be taken with documents received from unreliable sources until a patch has been installed.

 

Target

  • Workstations and end-user applications
  • Servers and server applications

Attack vector

  • Remote
  • Local

Impact

  • Execution of arbitrary commands

Exploit seen live

  • In the wild

Remediation

  • Software update patch
  • Restriction of the problem

Subject of vulnerability

Microsoft Windows 7 and more recent versions up to Windows 11

Microsoft Windows Server 2008 and more recent versions up to Windows Server 2022

What is it about?

Microsoft released a fix for the vulnerability on 14.6.