Vulnerability Watch


Anonymous
4 years ago


Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild (CVE-2022-30190)

On May 30, Microsoft released an advisory for a zero-day in the Microsoft Windows Support Diagnostic Tool (MSDT) that has been exploited in the wild and gained considerable researcher attention over the weekend. 

CVE-2022-30190 is a remote code execution vulnerability in MSDT that impacts several versions of Microsoft Office, including patched versions of Office 2019 and 2021. An attacker would craft a malicious document (a Microsoft Word document is common) and send it to their target via email. By exploiting this vulnerability, an attacker can execute commands with the permissions of the application used to open the malicious document. Researchers have found that this vulnerability can be exploited without user interaction. Microsoft has published a workaround and detection information, but no patches as of May 31.

For more information, please visit our blog post.
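The post above mentions that Microsoft published detection information but does not show what a document-level check looks like. The following is an added example, not code from the original post, the linked blog, or Microsoft. It is based on the publicly analysed samples, which delivered the payload through an OLE object relationship in the .docx package whose target was an external URL; the fetched HTML then invoked the ms-msdt: URI handler. The scanner unpacks a .docx (a zip of OOXML parts), flags any oleObject relationship with TargetMode="External", and separately flags any part containing an ms-msdt: URI. Ordinary external hyperlinks are not flagged, so a benign document stays clean. The two sample documents and the example.invalid URLs are constructed inline for the demonstration; nothing is fetched from the network.

```python
import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET
from typing import List

# OOXML relationship type for embedded/linked OLE objects, and the package
# relationships namespace used in every *.rels part of a .docx.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# The MSDT protocol handler scheme the public samples invoked from remote HTML.
MSDT_URI_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx_bytes(data: bytes) -> List[str]:
    """Return human-readable findings for one .docx (empty list = clean).

    Flags (1) an oleObject relationship whose TargetMode is External, i.e. the
    document loads OLE content from a remote location instead of from inside
    the package, and (2) any part that contains an ms-msdt: URI directly.
    Hyperlink relationships are external by design and are ignored.
    """
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            raw = pkg.read(name)
            if name.startswith("word/") and name.endswith(".rels"):
                root = ET.fromstring(raw)
                for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                    rel_type = rel.get("Type", "")
                    target = rel.get("Target", "")
                    mode = rel.get("TargetMode", "Internal")  # Internal is the OOXML default
                    if rel_type == OLE_REL_TYPE and mode == "External":
                        findings.append(f"{name}: external OLE object -> {target}")
            if MSDT_URI_RE.search(raw):
                findings.append(f"{name}: contains an ms-msdt: URI")
    return findings


def scan_file_bytes(data: bytes) -> List[str]:
    """Dispatch: OOXML packages get the relationship scan; anything else
    (for example an RTF file, which is plain text, not a zip) gets only the
    raw ms-msdt: string check."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return scan_docx_bytes(data)
    return ["raw content: contains an ms-msdt: URI"] if MSDT_URI_RE.search(data) else []


def build_sample_docx(rels_xml: str) -> bytes:
    """Build a minimal .docx around the given document.xml.rels.

    Constructed sample for this example: only the parts the scanner reads.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml",
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        pkg.writestr("word/document.xml",
                     '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        pkg.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed relationship parts. The URLs are placeholders (example.invalid).
BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{PKG_REL_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
                Target="https://example.invalid/" TargetMode="External"/>
</Relationships>"""

SUSPICIOUS_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{PKG_REL_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}"
                Target="http://example.invalid/payload.html" TargetMode="External"/>
</Relationships>"""

BENIGN_DOCX = build_sample_docx(BENIGN_RELS)
SUSPICIOUS_DOCX = build_sample_docx(SUSPICIOUS_RELS)


if __name__ == "__main__":
    # With no arguments, scan the two constructed samples; otherwise scan files.
    paths = sys.argv[1:]
    if not paths:
        for label, blob in (("benign", BENIGN_DOCX), ("suspicious", SUSPICIOUS_DOCX)):
            print(label, scan_file_bytes(blob) or "clean")
    for path in paths:
        with open(path, "rb") as fh:
            print(path, scan_file_bytes(fh.read()) or "clean")
```

Run it with one or more file paths to triage mail attachments offline; with no arguments it scans the two constructed samples. The external-oleObject check is the high-precision signal: a legitimate document rarely links OLE content from an http(s) target, whereas hyperlink relationships are external in almost every real document, which is why the scanner does not key on TargetMode alone.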

18 Replies

  • adam_walter
    Connect Contributor II

    We're seeing a gradual reduction of High findings when we search for this plugin. Can anyone explain how the data is being updated? Does it depend on the asset being scanned, or is there just a process going through all of the vulnerability data changing each record's severity rating from High to Informational?

  • adam_walter
    Connect Contributor II

    I note the VPR of the plugin is still 9.5 - will this be reducing at all?

  • Looks like the CVE definition for CVE-2022-30190 still needs to be updated to add the June 2022 cumulative update plugin 162201 so that we can get valid results for BOD 22-01 CISA Known Exploited Vulnerabilities.