Microsoft has discovered a vulnerability (CVE-2022-30190) in the “Microsoft Support Diagnostic Tool” (MSDT) that affects all Windows and Server versions. The tool is included in the system and can be launched by pressing Windows key + R and entering MSDT, so that one can contact support staff.
Microsoft itself writes: “A remote code execution vulnerability exists when MSDT is invoked over the URL protocol from a calling application such as Word. An attacker who successfully exploited this vulnerability could run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change or delete data, or create new accounts in the context permitted by the user’s privileges.”
The problem is currently being worked on. However, there is a workaround to prevent access.
- Start a command prompt as administrator.
- Create a backup of the registry key:
reg export HKEY_CLASSES_ROOT\ms-msdt filename
filename is a name of your choice for the backup file.
- Then delete the key:
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
- To recover the key, type:
reg import filename
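The same workaround as a PowerShell script that deletes the key only after confirming the backup was written, and can restore it later. This is an added example, not code from Microsoft or the original post; the default backup path and the `-Restore` switch are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: apply or roll back the ms-msdt workaround with a verified backup.
param(
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg",  # assumed location
    [switch]$Restore                                               # hypothetical switch
)

$RegKey  = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath = "Registry::$RegKey"   # provider path, used only for existence checks

if ($Restore) {
    if (-not (Test-Path -LiteralPath $BackupPath)) {
        throw "Backup file not found: $BackupPath"
    }
    & reg.exe import $BackupPath
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
    Write-Output "Restored $RegKey from $BackupPath"
    return
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "$RegKey is already absent; nothing to do."
    return
}

# Refuse to overwrite an earlier backup: a second run must not replace a good export.
if (Test-Path -LiteralPath $BackupPath) {
    throw "Backup already exists at $BackupPath; move it or pass another -BackupPath."
}

& reg.exe export $RegKey $BackupPath
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# Delete only after confirming the export is on disk and actually contains the key.
$backup = Get-Item -LiteralPath $BackupPath
if ($backup.Length -eq 0 -or
    -not (Select-String -LiteralPath $BackupPath -SimpleMatch 'ms-msdt' -Quiet)) {
    throw "Backup at $BackupPath looks incomplete; key was not deleted."
}

& reg.exe delete $RegKey /f
if ($LASTEXITCODE -ne 0) { throw "reg delete failed with exit code $LASTEXITCODE" }

if (Test-Path -LiteralPath $KeyPath) { throw "$RegKey still exists after delete." }
Write-Output "Removed $RegKey; backup saved to $BackupPath"
```

Running the script a second time reports that the key is already absent, which also makes it usable as a quick check of whether the workaround is in place on a machine.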
Microsoft Defender with signature version 1.367.719.0 or higher detects this under the following names:
- Trojan:Win32/Mesdetty.A
- Trojan:Win32/Mesdetty.B
- Behavior:Win32/MesdettyLaunch.A
- Behavior:Win32/MesdettyLaunch.B
- Behavior:Win32/MesdettyLaunch.C
The post Microsoft Support Diagnostic Tool with a vulnerability [Workaround] appeared first on Gamingsym.