Skip to main content

CVE-2022-30190 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Zero-Day Vulnerability in Windows

On Friday, May 27, 2022, Security vendor nao_sec identified a malicious document leveraging a zero-day remote code execution RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT) with a High severity CVSS 7.8 score.

The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word. By sending a specially crafted Word document that calls out to a remote URL and downloads a malicious payload, a threat actor could gain persistence and run arbitrary code with the privileges of the calling application.

Note: Successful exploitation requires one of the following conditions:

  • A malicious document (such as .doc and .docx) is opened by a targeted user and "Enable editing" is clicked.

  • A malicious .rtf document is previewed or opened by a targeted user.

Based on the publicly available Proof of Concept (PoC) exploit code and the ease of exploitation, Arctic Wolf assesses this vulnerability to be a high risk and strongly recommends that customers apply the applicable workaround provided by Microsoft promptly.

Recommendations for CVE-2022-30190

Recommendation: Explore Applying Workaround Provided by Microsoft

As of May 31, 2022, there is no patch available from Microsoft to mitigate the vulnerability, however, there is guidance provided for a workaround.

Note: Arctic Wolf recommends the following change management best practices for testing the workaround in a dev environment before deploying to production systems.

Review Microsoft’s guidance to apply the workaround to your affected system(s):


About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.

Profile Photo of Sule Tatar