Elevity Cybersecurity Alert: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Zero-Day Vulnerability in Windows (CVE-2022-30190)

Paul Hager
06/01/2022

Elevity would like to inform you of CVE-2022-30190, a new critical remote code execution (RCE) vulnerability affecting all versions of Windows. If you use Windows in your environment, we recommend reviewing this blog and applying the workaround provided by Microsoft for CVE-2022-30190.

Summary

On Friday, May 27, security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in the Microsoft Windows Support Diagnostic Tool (MSDT).

The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word. By sending a specially crafted Word document that calls out to a remote URL and downloads a malicious payload, a threat actor could gain persistence and run arbitrary code with the privileges of the calling application.

Note: Successful exploitation requires one of the following conditions:

  • A malicious document (such as .doc and .docx) is opened by a targeted user and "Enable editing" is clicked.
  • A malicious .rtf document is previewed or opened by a targeted user.

Recommendations

Recommendation #1: Be on the Latest Elevity Offering
At this time, there is no patch available from Microsoft to mitigate the vulnerability; however, Elevity has seen our EDR solution and our EDR + SOC solution detect and stop these attacks in the wild. If you are on the Elevity EDR offering (SentinelOne) and/or our 4.0 offering with our SOC, you are covered.

Recommendation #2: Explore Applying Workaround Provided by Microsoft
Microsoft has provided guidance on a workaround for those not in our latest offering. Early testing by Elevity has shown these registry edits to cause issues with the Microsoft Office Suite, so we will not be pushing them automatically unless you have an internal IT team and are confident in your ability to perform these changes.

Note: We recommend following change management best practices for testing the workaround in a dev environment before deploying to production systems.

Review Microsoft's guidance here to apply the workaround to your affected system(s).
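The registry workaround described above, scripted as an added example (this is not Elevity's or Microsoft's code): it checks whether the change is in place, applies it with a backup, and reverts it from that backup. It assumes Microsoft's published workaround, which exports and then deletes the HKEY_CLASSES_ROOT\ms-msdt URL-handler key, and uses a constructed backup path; run it from an elevated PowerShell session after testing in a dev environment as the note above recommends.

```powershell
# Added example: check, apply or revert Microsoft's CVE-2022-30190 workaround
# (disabling the ms-msdt: URL protocol handler). Must run elevated.
[CmdletBinding()]
param(
    [ValidateSet('Check', 'Apply', 'Restore')]
    [string]$Action = 'Check',
    # Constructed backup location; adjust for your environment.
    [string]$BackupPath = "$env:ProgramData\ms-msdt-backup.reg"
)

# Handler key named in Microsoft's guidance (HKCR: is not mounted by default, so use Registry::)
$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtProtocolEnabled {
    # True when the ms-msdt: handler is still registered, i.e. the workaround is NOT applied
    return (Test-Path -LiteralPath $KeyPath)
}

function Invoke-Reg {
    param([string[]]$RegArgs)
    & reg.exe @RegArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe $($RegArgs -join ' ') failed (exit $LASTEXITCODE)" }
}

switch ($Action) {
    'Check' {
        if (Test-MsdtProtocolEnabled) { Write-Output 'ms-msdt handler present: workaround NOT applied' }
        else { Write-Output 'ms-msdt handler absent: workaround applied' }
    }
    'Apply' {
        if (-not (Test-MsdtProtocolEnabled)) { Write-Output 'Nothing to do: key already absent'; break }
        # Step 1 of the guidance: back up the key so the change can be undone
        Invoke-Reg @('export', 'HKEY_CLASSES_ROOT\ms-msdt', $BackupPath, '/y')
        # Step 2: delete the key so ms-msdt: links no longer launch MSDT
        Invoke-Reg @('delete', 'HKEY_CLASSES_ROOT\ms-msdt', '/f')
        if (Test-MsdtProtocolEnabled) { throw 'Key still present after delete; check permissions' }
        Write-Output "Workaround applied; backup saved to $BackupPath"
    }
    'Restore' {
        # Undo path for the Office issues noted above: re-import the exported key
        if (-not (Test-Path -LiteralPath $BackupPath)) { throw "Backup not found: $BackupPath" }
        Invoke-Reg @('import', $BackupPath)
        Write-Output 'ms-msdt handler restored from backup'
    }
}
```

Run with `-Action Check` first on a test machine to confirm the current state before applying the change fleet-wide.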

References

  1. Twitter
  2. Follina — a Microsoft Office code execution vulnerability
  3. CVE-2022-30190 Advisory
  4. CVE-2022-30190 Guidance