nao_sec, a cybersecurity researcher came across a booby-trapped Word document that was uploaded by a user based in Belarus. Shortly after, Microsoft referenced the vulnerability under code CVE-2022-30190 and clarified that at the moment there is no fix yet. This flaw allows remote code execution via the Microsoft Support Diagnostic Tool (msdt.exe), which helps diagnose Windows problems. even if macros are disabled.
Once the Word document is opened, one of the OLE objects present in the file will download content located on an external server. This vulnerability works from Windows 7.
There is no official fix yet, but temporary workarounds are possible. If the document is opened by an Office application, the Protected View or Application Guard for Office mode is then engaged and it then prevents the code from executing. But if the format is in RTF, the trap is still active.
While waiting for the final patch, you can run the following commands as an administrator to stop the Microsoft Support Diagnostic Tool.
reg export HKEY_CLASSES_ROOTms-msdt filename -> to save the key (put the name you want instead of filename)
reg delete HKEY_CLASSES_ROOTms-msdt /f -> to fix the vulnerability
reg import filename -> to restore the key once a Windows patch has been deployedMore details at Microsoft on this dedicated page.
.
The post Microsoft warns of a critical flaw detected on Windows appeared first on Gamingsym.