Forum Discussion

Anonymous

4 years ago

Zero Click Zero Day in Microsoft Support Diagnostic Tool...

Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild (CVE-2022-30190) On May 30, Microsoft released an advisory for a zero-day in the Microsoft Windows Support Diagnostic T...

suraj

4 years ago

We are also getting this plugin as high in our daily scans.

Any idea when this would be downgraded to informational ?

Thanks

adam_walter

Connect Contributor II

4 years ago

Hi @Suraj Thakur , the number of assets with this High vulnerability in our environment began reducing yesterday. It appears a scan of each asset is required to adjust the severity rating of the plugin.

paul_jacoby
Connect Contributor III
4 years ago
We are seeing the same -- a new scan is required for an asset to show the plugin as an Info. Currently we have some assets showing Critical (last scanned ~6/2), some High (last scanned ~6/19) and now Info (last scanned 6/23).
In the Vulnerabilities screen filtered by plugin, the output line shows Severity Info, VPR 9.5, CVSS 0.
Meanwhile the plugin details screen at the Vulnerabilities>Vulnerability Details level still shows Severity Critical, CVSS 10.0, but no VPR score.
Plugin Set: 202206231847

Forum Discussion

Zero Click Zero Day in Microsoft Support Diagnostic Tool...

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia