Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

05/30/2022

Created

06/01/2022

Added

05/31/2022

Modified

06/16/2022

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Solution(s)

msft-kb5014678-4e77e734-7956-4b15-b38a-47807f3b2089
msft-kb5014692-5ea784e2-55f5-4042-8647-c873750bf8a8
msft-kb5014692-69081abb-2fd4-49a6-8da1-2f616f1a9b58
msft-kb5014692-8e0d5166-ddcc-4c50-9559-bca1845003a7
msft-kb5014697-4b89ef50-c400-494f-9a0c-3a45fefe8a6e
msft-kb5014699-268f7033-a18e-4add-88c6-c07a37cf3556
msft-kb5014699-3a5c42e3-b465-44b6-8597-65d32fb1ac65
msft-kb5014699-484773d7-05f9-4e9f-873f-999e2fe021c7
msft-kb5014699-4871a2ce-c611-4bba-ae2e-104120d12ac0
msft-kb5014699-5b969a62-6152-4cc1-8512-121564e027b2
msft-kb5014699-6b6b1213-b96b-479b-a408-0c6d3991f599
msft-kb5014699-fc0d7ac2-8b4e-43a9-a685-e9128700dd1f
msft-kb5014702-2dfd2790-2d42-45e1-9642-c4fdac98579d
msft-kb5014702-50c165c5-e8cf-473d-a6fa-f491340387c0
msft-kb5014702-88280d98-dd5e-446f-b71d-dc91f3df5da5
msft-kb5014710-237681bb-797e-476d-94c2-d36dfbff5c1a
msft-kb5014710-7f44d62b-dc4e-4aae-8e01-4c01ca96e6e1
msft-kb5014741-0a16839b-c796-40c3-8fd4-bc4c9da16dbe
msft-kb5014741-1449e5bd-35d4-4939-b5e8-3c00ab8483e6
msft-kb5014741-8814e0f7-145f-4e2b-844f-8bbd0d99addf
msft-kb5014742-494d09f2-93b3-4bc3-8b23-6b3dfe3c706a
msft-kb5014742-56d11e9b-c79f-4426-83bd-d0a3c7400fe0
msft-kb5014742-9147b571-ceb3-4f3c-bf0a-028bca1faf4a
msft-kb5014742-e6678f12-df70-4474-9501-24b322bbc758
msft-kb5014742-fbc62ec9-aa61-406d-9d59-ebe8730a9de7
msft-kb5014746-9dd857d9-c4df-499a-a7b5-6318ded5b09f
msft-kb5014746-9e1af918-ea34-4f60-a260-f6ce3e9c5a16
msft-kb5014746-c0f93fdb-0e3d-4874-9b0f-8e1f689c93bc

References

https://attackerkb.com/topics/cve-2022-30190
CVE - 2022-30190
5014678
5014692
5014697
5014699
5014702
5014710
5014738
5014741
5014742
5014746
5014747
5014748

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Microsoft CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.