Sequretek Advisory - Zero-Day Vulnerability CVE-2022-30190

Microsoft has released information regarding a critical vulnerability, CVE2022-30190, in the Microsoft Support Diagnostic Tools (MSDT) in Windows. The exploitation would result in successful arbitrary code run with the privileges of the calling application.

• Microsoft has released information regarding a zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems.

• The tool is included in the system and can be launched via Windows key + R MSDT.

• The vulnerability, identified as CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system.

• Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions are impacted.

• A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word.

• An attacker on successful exploitation of this vulnerability can run arbitrary code with the privileges of the calling application.

• The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights.

• The flaw, dubbed Follina, can be exploited even when macros are disabled in Microsoft Word. • Security researchers have reported that this flaw is being exploited.

Sign Up Here for Download