Microsoft warns of RCE vulnerability in Windows diagnostic tool
If you've ever contacted Microsoft support to get Windows or Windows Server issues resolved, you've probably been guided through the Microsoft Support Diagnostic Tool (MSDT). ).
You can open it by typing msdt into Windows Run (Win + R) then having to enter the key code provided by the support staff. Once the key is entered, you can run some diagnostics and send the results directly to Microsoft for further analysis.
However, recently Microsoft has issued a warning about a remote code execution (RCE) vulnerability in MSDT. This security vulnerability affects virtually all versions of Windows and Windows Server including Windows 7, 8.1, 10, 11, Windows Server 2008, 2012, 2016, 2019 and 2022.
This vulnerability has also been assigned a tracking code of CVE-2022-30190 and has a high level of danger. Because the vulnerability has not been patched, Microsoft did not disclose details, but only explained that RCE can occur when MSDT is invoked using the URL protocol from a command-invoking application, such as Microsoft Word.
An attacker can run arbitrary code that can view, delete, or change your files through the privileges of the calling application. For example, if MSDT is invoked through Microsoft Word and run with administrative privileges, the attacker will have corresponding administrative privileges, which is not good for anyone.
Currently, Microsoft recommends that users turn off MSDT through Command Prompt commands. The steps are as follows:
- Run Command Prompt as Admin.
- Backup the registry key with the command: " reg export HKEY_CLASSES_ROOTms-msdt filename ".
- Execute the command: " reg delete HKEY_CLASSES_ROOTms-msdt /f "
If you later feel that MSDT is very important to your work and you accept the risk, you can restore MSDT by following these steps:
- Run Command Prompt as Admin.
- Restore the registry key with the previous backup file: " reg import filename "
Note : In both sections, filename is something you give yourself and name it in the backup section, enter the same in the restore section.
Currently, Microsoft is still working to patch this vulnerability. The software giant emphasized that the vulnerability is being actively exploited by hackers so users should be very careful.
To ensure safety, users should enable cloud delivery protection and automatic sample submission on Microsoft Defender. Meanwhile, customers using Microsoft Defender for Endpoint can configure policies to reduce the attack surface from Office application subprocesses.
You should read it
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Steps to fix PrintNightmare vulnerability on Windows 10
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
- Google warns of a vulnerability that allows Android smartphones to be attacked with just a phone number
- Microsoft admits a new zero-day vulnerability threatens millions of Windows users
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
- Serious vulnerability in Microsoft Word is being used by hackers to install malware on computers
Maybe you are interested
GTA 6 will be released in fall 2025 How to check MacBook battery status Find out how to fix the computer error saying ime is disabled Navigating International Romance: Tips for Dating Ukrainian Brides Should water basins be placed in air-conditioned rooms? Nearly 3,000 gamers join hands to build New York City at 1:1 scale in Minecraft