[Zero-day] Microsoft Security Diagnostic Tool vulnerability causes RCE - Workaround released

Hey everyone,

This forum post is to notify you about a zero-day vulnerability that has been reported in Microsoft Security Diagnostic Tool [CVE-2022-30190]. Discovered by the independent cybersecurity research team nao_sec, the flaw has been dubbed Follina.

CVE ID           Description   Impact
CVE-2022-30190   Zero-day      Remote Code Execution

As per MSRC's blog,

"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights."


Workarounds

Microsoft has released workarounds that mitigate the vulnerability by disabling the MSDT URL protocol. Refer here for more info.

Detection & mitigation using Vulnerability Manager Plus

To detect the affected endpoints:

1) Log in to the Vulnerability Manager Plus web console.

2) Navigate to Threats > Software Vulnerabilities.

3) Search for CVE-2022-30190 to find the affected systems.

4) Under the Affected Systems column, you'll see the total count of systems affected by this vulnerability.

5) Clicking on it will reveal the affected systems.

To mitigate the vulnerability:

  1. Download the mitigation script from here.

  2. Rename the downloaded file to <file_name>.bat

  3. Run the script from a command prompt with admin privileges on the affected systems.
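For readers who want to see what such a mitigation script does, the batch file below is an added example, not the ManageEngine script linked above and not Microsoft's own code. It implements the workaround Microsoft published for this CVE: export the HKEY_CLASSES_ROOT\ms-msdt key as a backup, then delete it so that ms-msdt: URLs no longer launch the troubleshooter. The backup path, the log messages and the elevation check are assumptions of this example; run it from an elevated command prompt.

```batch
@echo off
REM Added example (not the ManageEngine mitigation script, not Microsoft code):
REM disable the ms-msdt URL protocol handler as a workaround for CVE-2022-30190.
REM Assumptions: backup is written to the system drive root; must run elevated.

setlocal
set "KEY=HKEY_CLASSES_ROOT\ms-msdt"
set "BACKUP=%SystemDrive%\ms-msdt-backup.reg"

REM Deleting under HKCR needs administrator rights; "net session" fails otherwise.
net session >nul 2>&1
if errorlevel 1 (
    echo [!] Run this script from an elevated command prompt.
    exit /b 1
)

REM If the handler key is already absent, the endpoint is already mitigated.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo [+] %KEY% not present; ms-msdt protocol already disabled.
    exit /b 0
)

REM Back up the key first so the change can be reverted later with:
REM   reg import "%BACKUP%"
reg export "%KEY%" "%BACKUP%" /y
if errorlevel 1 (
    echo [!] Backup to %BACKUP% failed; aborting without making changes.
    exit /b 1
)

REM Remove the protocol handler: ms-msdt: URLs will no longer start msdt.exe.
reg delete "%KEY%" /f
if errorlevel 1 (
    echo [!] Could not delete %KEY%.
    exit /b 1
)

REM Verify the key is really gone before reporting success.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo [+] ms-msdt protocol handler removed; backup saved to %BACKUP%.
    exit /b 0
) else (
    echo [!] Key still present after delete; investigate manually.
    exit /b 1
)
endlocal
```

Keep the .reg backup with the endpoint: the same `reg query` check used above doubles as a quick way to confirm, across a fleet, which machines still have the handler registered, and `reg import` restores it if the workaround has to be reverted.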


If you have any queries, please comment below the post or reach out to us at:
