CVE-2022-30190 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
On June 13, 2018 at 11:20 AM PDT, a zero-day vulnerability was reported in Windows 10, Windows 7, Windows 8.1, Windows Server 2012, and Windows Server 2008. A remote code execution vulnerability was detected in the Microsoft Windows Support Diagnostic Tool (MSDT), a Microsoft Windows utility that allows administrators to monitor and troubleshoot Windows-based computers remotely.
To exploit this vulnerability, an attacker needs to reach a Windows computer that has the MSDT enabled. Currently there are two ways to do this: via a malicious link sent by email, or by getting the user to visit a malicious website. If a Windows user has the MSDT enabled and receives a malicious email, the email could trigger this vulnerability and malicious code could be executed on the user's computer. If a Windows user visits a malicious website, they could also be exploited. Windows users should not visit suspicious websites or open email attachments from unknown senders.
Windows Support Diagnostic Tool (MSDT)
The MSDT is a free Microsoft utility that allows administrators to monitor and troubleshoot Windows-based computers remotely. This tool can be found in the ‘Support Tools’ section of your computer or on the system tray. When run, the MSDT will connect to Microsoft servers and provide information about your computer’s availability, error reporting, hardware health, and system settings.
Microsoft has not released a patch for this vulnerability as of yet. However, they have included an update that stops the MSDT from automatically connecting to Microsoft servers if you are using a newer version of Windows 10 or Windows Server 2016.
How Does this Vulnerability Work?
The MSDT allows administrators to monitor and troubleshoot Windows-based computers remotely. The tool provides administrators with a virtual view of the computer and a set of tools for remote troubleshooting. Unfortunately, the MSDT was found to have a zero-day vulnerability that could be exploited by attackers. If an attacker has physical access to a computer that has the MSDT installed, they could exploit this vulnerability and execute malicious code on the target's machine.
Microsoft Support Diagnostic Tool Vulnerability
The zero-day vulnerability was reported on June 13, 2018 and Microsoft was notified the day before. The company released a fix for the issue on June 14. It has been suggested that the exploit could have been used in the wild to hack computers on June 9.
Hackers were able to take control of users' machines because of a vulnerability in Microsoft’s Support Diagnostic Tool (MSDT), a utility designed to help administrators remotely troubleshoot and monitor Windows-based machines. With this bug, anyone with an email or web access could have exploited the flaw without needing to know any login credentials, which leaves it open for abuse by those looking to get their hands on data or install malware.
Microsoft has since issued a fix for the vulnerability and urges Windows users not to visit suspicious websites or open email attachments from unknown senders.
How to Detect If a Windows Computer Has the MSDT Enabled
To check whether your Windows computer has the MSDT enabled, visit the following link:
https://support.microsoft.com/en-us/help/22122790
Open a web browser and enter the URL above to view the help page. If you can successfully visit this page, your computer has the MSDT enabled. Otherwise, it does not have the MSDT enabled and is therefore safe from this vulnerability.
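As an added example that is not part of this article, the following PowerShell script checks locally whether the ms-msdt: URL protocol handler is registered on the machine. It assumes the handler is registered under HKEY_CLASSES_ROOT\ms-msdt, which is the key Microsoft's published workaround for CVE-2022-30190 backs up and deletes; the script only reads the registry and changes nothing.

```powershell
# Added example: report whether the ms-msdt: URL protocol handler is registered.
# Assumption: the handler lives at HKEY_CLASSES_ROOT\ms-msdt (the key that
# Microsoft's published workaround for CVE-2022-30190 exports and then deletes).
# Read-only: nothing is modified.
function Test-MsdtProtocolHandler {
    $key = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

    if (-not (Test-Path -LiteralPath $key)) {
        # Key absent: the workaround has been applied or the handler never existed.
        return [pscustomobject]@{ Registered = $false; Command = $null }
    }

    # The (default) value under shell\open\command is what the URL scheme launches.
    $cmdKey = Join-Path $key 'shell\open\command'
    $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'

    [pscustomobject]@{ Registered = $true; Command = $cmd }
}

$result = Test-MsdtProtocolHandler
if ($result.Registered) {
    Write-Output "ms-msdt: handler IS registered; launches: $($result.Command)"
    Write-Output "Machine still honours ms-msdt: links; apply the vendor patch or workaround."
} else {
    Write-Output "ms-msdt: handler is NOT registered (workaround applied or handler absent)."
}
```

Run it in an elevated or standard PowerShell session on each host you want to inventory; the registry read needs no administrative rights.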
Timeline
Published on: 06/01/2022 20:15:00 UTC
Last modified on: 06/07/2022 18:15:00 UTC