Fully Managed Technology Services

Organizations with 20–100 employees.

Co-Managed Technology Services

Organizations with 100+ employees with an internal IT team.

About Elevity

Elevity is one of the largest and most capable technology management providers in the Midwest. Our team of technology experts can help you reach a truly elevated level of IT strategy, security, solutions and support.

A division of
A division of

Managed IT Blog

The Importance of Data Retention & Storage for Your Business

Resources

Comprehensive Guides

Cybersecurity Tips For Employees

FEATURED RESOURCE

Cybersecurity Tips For Employees

Download now →

Contact Elevity

Technical Support

Technical Support

888.733.4060
support@elevityit.com

Headquarters

Headquarters

2675 Research Park Drive
Madison, WI 53711

A division of
A division of
REQUEST A CONSULTATION
REQUEST A CONSULTATION
REQUEST A CONSULTATION
  • There are no suggestions because the search field is empty.
gray wave
Cybersecurity | Security | Microsoft | 1 min read

Elevity Cybersecurity Alert: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Zero-Day Vulnerability in Windows (CVE-2022-30190)

Peter Niebler
Written by Peter Niebler
06/01/2022

Elevity would like to inform you of CVE-2022-30190, a new critical remote code execution (RCE) vulnerability affecting all versions of Windows. If you use Windows in your environment, we recommend reviewing this blog and applying the workaround provided by Microsoft for CVE-2022-30190.

Summary

On Friday, May 27, Security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT).

The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word. By sending a specially crafted Word document that calls out to a remote URL and downloads a malicious payload, a threat actor could gain persistence and run arbitrary code with the privileges of the calling application.

Note: Successful exploitation requires one of the following conditions:

  • A malicious document (such as .doc and .docx) is opened by a targeted user and "Enable editing" is clicked.
  • A malicious .rtf document is previewed or opened by a targeted user.

Recommendations

Recommendation #1: Be on the Latest Elevity Offering
At this time, there is no patch available from Microsoft to mitigate the vulnerability, however, Elevity has seen in the wild where our EDR solution or EDR + SOC solution has detected and stopped these attacks. If you are on the Elevity offerings for EDR (SentinelOne) and/or our 4.0 offering with our SOC you are covered.

Not partnered with Elevity yet? Click here to request a
consultation to get started today!

Recommendation #2: Explore Applying Workaround Provided by Microsoft
Microsoft has provided guidance on a work around for those not in our latest offering. Early testing by Elevity have shown these registry edits to cause issues with using the Microsoft Office Suite so we will not be pushing these automatically unless you have an internal IT team and are confident in your ability to perform these changes.

Note: We recommend following change management best practices for testing the workaround in a dev environment before deploying to production systems.

Review Microsoft’s guidance here to apply the workaround to your affected system(s)

References

  1. Twitter
  2. Follina — a Microsoft Office code execution vulnerability
  3. CVE-2022-30190 Advisory
  4. CVE-2022-30190 Guidance

Practical tips & strategies
Previous Story
← How to Discover and Remove Information on the Dark Web
Next Story
The Truth About Cloud Storage vs. Local Storage Costs in 2022 →

Subscribe by Email

2675 Research Park Drive
Madison, WI 53711

888.733.4060
support@elevityit.com

A Division Of

GFC-2021-Logo_Blue
© 2024 Gordon Flesch Company. All Rights Reserved.
Security Policy | Terms and Conditions