Microsoft Windows Zero-Day Vulnerability
Date of Notice: 05/31/2022
Action Level - High
Description (Microsoft Windows Zero-Day Vulnerability (CVE-2022-30190))
MCNC would like to make you aware of a vulnerability affecting current versions of Windows and Windows Server. This vulnerability allows arbitrary code execution by a remote attacker.
This vulnerability is known to be actively exploited, and at the moment there are no patches available, though Microsoft has disclosed a potential mitigation (details below). MCNC recommends monitoring Microsoft feeds for updates and patching when available, as well as evaluating the mitigation for feasibility in your environment.
Affected OS
- Microsoft Windows 11, 10, 8.1, 7
- Microsoft Windows Server 2019, 2016, 2012, 2008
Attack Vector
An attacker can craft a file to execute arbitrary code when opened or previewed. Though proofs of concept have been released for various Microsoft Office file types, exploitation is not restricted to these file types.
Attack Feasibility
This vulnerability is known to be exploited.
Mitigations
Microsoft has released information on a mitigation which involves disabling the MSDT URL Protocol. Details are linked below.
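An added example, not part of this notice and not Microsoft's own script: a PowerShell function that reports whether the MSDT URL protocol handler is still registered and, with -Remediate, backs it up and deletes it. It assumes the handler is the registry key HKEY_CLASSES_ROOT\ms-msdt, as given in the vendor guidance linked below; the function name, parameters and backup directory are hypothetical.

```powershell
# Added example: audit, and optionally disable, the MSDT URL protocol handler.
# Assumption: the handler is HKEY_CLASSES_ROOT\ms-msdt (per Microsoft's guidance).
# Function name, parameters and backup location are hypothetical choices.
function Set-MsdtProtocolMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate,
        [string]$BackupDir = "$env:ProgramData\msdt-backup"
    )

    $key    = 'HKEY_CLASSES_ROOT\ms-msdt'
    $psPath = "Registry::$key"
    $result = [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = $null; Backup = $null }

    if (-not (Test-Path -LiteralPath $psPath)) {
        # Handler absent: mitigation already applied (or never registered).
        $result.Status = 'Mitigated'
        return $result
    }
    if (-not $Remediate) {
        # Audit-only mode: report the exposure, change nothing.
        $result.Status = 'HandlerPresent'
        return $result
    }

    # Deleting a machine-wide class registration needs an elevated session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run from an elevated PowerShell session.' }

    # Export first so the handler can be restored with "reg import" once patched.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $name   = 'ms-msdt_{0}_{1:yyyyMMddHHmmss}.reg' -f $env:COMPUTERNAME, (Get-Date)
    $backup = Join-Path $BackupDir $name
    if ($PSCmdlet.ShouldProcess($key, "Export to $backup and delete")) {
        & reg.exe export $key $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
            throw 'Backup failed; registry key left untouched.'
        }
        & reg.exe delete $key /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg delete failed (exit $LASTEXITCODE)." }
        $result.Backup = $backup
    }
    # Re-check rather than trusting the exit code alone.
    $stillThere    = Test-Path -LiteralPath $psPath
    $result.Status = if ($stillThere) { 'HandlerPresent' } else { 'Mitigated' }
    return $result
}
```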
Remediation
As of 5/31 there are no patches to remediate this vulnerability.
Vendor Resources
Main CVE page (patches will appear here when released):
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
Vendor guidance including mitigation instructions:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/