Microsoft warns of RCE vulnerability in Windows diagnostic tool
You can open the Microsoft Support Diagnostic Tool (MSDT) by typing msdt into Windows Run (Win + R) and then entering the key code provided by the support staff. Once the key is entered, you can run some diagnostics and send the results directly to Microsoft for further analysis.
However, recently Microsoft has issued a warning about a remote code execution (RCE) vulnerability in MSDT. This security vulnerability affects virtually all versions of Windows and Windows Server including Windows 7, 8.1, 10, 11, Windows Server 2008, 2012, 2016, 2019 and 2022.
The vulnerability is tracked as CVE-2022-30190 and is considered highly dangerous. Because it has not been patched, Microsoft did not disclose details and explained only that RCE can occur when MSDT is invoked using the URL protocol from a calling application, such as Microsoft Word.
An attacker can run arbitrary code that can view, delete, or change your files through the privileges of the calling application. For example, if MSDT is invoked through Microsoft Word and run with administrative privileges, the attacker will have corresponding administrative privileges, which is not good for anyone.
Currently, Microsoft recommends that users turn off MSDT through Command Prompt commands. The steps are as follows:
- Run Command Prompt as Admin.
- Back up the registry key with the command: "reg export HKEY_CLASSES_ROOT\ms-msdt filename".
- Execute the command: "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
If you later feel that MSDT is very important to your work and you accept the risk, you can restore MSDT by following these steps:
- Run Command Prompt as Admin.
- Restore the registry key from the previous backup file: "reg import filename".
Note: In both procedures, filename is a name you choose yourself. Use the same name when restoring that you used when backing up.
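The backup, removal and restore steps above can be combined into one script that refuses to delete the key unless the backup was actually written. This is an added example, not Microsoft's own script; the parameter names, the default backup folder and the file-name pattern are assumptions made for this sketch.

```powershell
# Added example: the ms-msdt workaround with a verified backup, plus restore.
# Assumptions: parameter names, backup folder and file-name pattern are choices
# made for this sketch; the reg.exe commands are the ones from the steps above.
param(
    [string]$BackupDir = "$env:SystemDrive\RegBackup",
    [string]$RestoreFrom   # path of an earlier backup; switches to restore mode
)

$Key     = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath = "Registry::$Key"

# The steps above call for an elevated session; stop early if this is not one.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

if ($RestoreFrom) {
    if (-not (Test-Path -LiteralPath $RestoreFrom)) { throw "Backup not found: $RestoreFrom" }
    & reg.exe import $RestoreFrom
    if ($LASTEXITCODE -ne 0) { throw "reg import failed ($LASTEXITCODE)" }
    if (-not (Test-Path -LiteralPath $KeyPath)) { throw 'Import ran but the key is still absent.' }
    Write-Output "Restored $Key from $RestoreFrom"
    return
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "$Key is already absent; nothing to do."
    return
}

# Back up first, and refuse to delete unless the export file really exists.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("ms-msdt_{0}_{1:yyyyMMdd-HHmmss}.reg" -f $env:COMPUTERNAME, (Get-Date))
& reg.exe export $Key $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup) -or
    (Get-Item -LiteralPath $backup).Length -eq 0) {
    throw 'Backup failed; the key was NOT deleted.'
}

& reg.exe delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg delete failed ($LASTEXITCODE)" }
if (Test-Path -LiteralPath $KeyPath) { throw 'Key still present after delete.' }
Write-Output "Removed $Key; backup saved to $backup"
```

Run it with no arguments to apply the workaround, or with -RestoreFrom and the path of the saved .reg file to put the handler back.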
Currently, Microsoft is still working to patch this vulnerability. The software giant emphasized that the vulnerability is being actively exploited by hackers so users should be very careful.
To stay protected, users should enable cloud-delivered protection and automatic sample submission in Microsoft Defender. Meanwhile, customers using Microsoft Defender for Endpoint can configure policies to reduce the attack surface from Office application subprocesses.