Everything We Know About the New Microsoft Office Zero-Day Exploit

Written by Align | 2022

On May 30, 2022, Microsoft released a security advisory (CVE-2022-30190) addressing a newly discovered zero-day Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability. This vulnerability came to light after an independent cybersecurity research team uncovered a Word document that was uploaded to VirusTotal from an IP address in Belarus. 

Read on for more info about the exploit as well as next steps. 

What does it do?  

According to Microsoft, “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

What is at risk?  

This bug affects all Windows versions, including Office, Office 2016, and Office 2021, and is reportedly already being exploited by malicious actors.

Nao Sec researchers have explained that the path to infection includes the malicious template loading an exploit via a hypertext markup language (HTML) file from a remote server.

What are next steps? 

There is no patch available at this point, but Microsoft has provided a workaround: disabling the MSDT URL protocol, which prevents troubleshooters from being launched as links throughout the operating system. Microsoft lists the steps to disable the protocol here.

Customers with Microsoft Defender Antivirus should turn on cloud-delivered protection and automatic sample submission, which use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.  
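
One way to check and apply the two steps above on a single machine, added here as an example and not taken from Align's or Microsoft's own material. It assumes the protocol handler is the `HKEY_CLASSES_ROOT\ms-msdt` key named in Microsoft's published workaround (the key is not given on this page); the `-Apply` switch and the backup path are hypothetical.

```powershell
# Added example: report on, and optionally apply, the MSDT URL protocol workaround.
# Run from an elevated prompt. Assumption: the handler is HKEY_CLASSES_ROOT\ms-msdt.
param(
    [switch]$Apply,   # hypothetical switch: without it the script only reports
    [string]$BackupPath = "$env:ProgramData\ms-msdt-backup.reg"   # hypothetical path
)

$regKey = 'HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtProtocolRegistered {
    # True while the ms-msdt: URL scheme is still registered on this machine.
    Test-Path -LiteralPath "Registry::$regKey"
}

if (-not (Test-MsdtProtocolRegistered)) {
    Write-Output 'ms-msdt handler absent: workaround already in place.'
} elseif (-not $Apply) {
    Write-Output 'ms-msdt handler present: workaround NOT applied (re-run with -Apply).'
} else {
    # Export first so the key can be restored with "reg import" after patching.
    & reg.exe export $regKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $BackupPath)) {
        throw "Backup to $BackupPath failed; registry key left untouched."
    }
    & reg.exe delete $regKey /f | Out-Null
    if (Test-MsdtProtocolRegistered) { throw 'Delete failed; handler still registered.' }
    Write-Output "Handler removed. Restore with: reg import `"$BackupPath`""
}

# Defender: cloud-delivered protection (MAPS) and automatic sample submission.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $pref = Get-MpPreference
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
    $cloudOn  = $pref.MAPSReporting -ne 0
    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples,
    # 2 = never send, 3 = send all samples.
    $submitOn = $pref.SubmitSamplesConsent -in 1, 3
    Write-Output "Cloud-delivered protection enabled: $cloudOn"
    Write-Output "Automatic sample submission enabled: $submitOn"
    if ($Apply -and -not ($cloudOn -and $submitOn)) {
        Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
        Write-Output 'Defender cloud protection and safe-sample submission turned on.'
    }
} else {
    Write-Output 'Defender cmdlets not available on this host.'
}
```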

How is Align Managed Services addressing the vulnerability? 

Both the Align Managed Services and Align Cybersecurity teams have analyzed the proposed workaround and will deploy it to all Align Managed Services clients.  

Additionally, we remind all users to be vigilant when opening emails and files or installing applications from untrusted sources. 

Do you have further cybersecurity concerns?  

If so, we advise you to contact the Align Managed Services team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446). 

Other contacts: