New Search

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability - CVE-2022-30190

oval:org.cisecurity:def:9459

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs view change or delete data or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows 7
  • Microsoft Windows 11
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2022
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2022-30190
  • MSRC-CVE-2022-30190
  • KB5014742
  • KB5014741
  • KB5014746
  • KB5014710
  • KB5014702
  • KB5014692
  • KB5014699
  • KB5014678
  • KB5014697
Product(s):