Zero-days in Microsoft’s Support Diagnostic Tool make it possible for malicious hackers to inject malware into a system via a converted Word document. Security bug Discovered by nao_sec and has since been recognized by Microsoft and mapped under the name CVE-2022-30190. No Windows update has yet been released for the vulnerability, but Windows Defender has already been updated to detect an attack via the described path. This was not the case until recently.

The exploit uses code that can be executed by the Microsoft Support Diagnostic Tool (msdt) that can be redirected to a fake url. Macros are usually blocked to prevent abuse, but a security researcher discovered that this macro blocking can be overcome by converting the malicious Word file to Rich Text Format. In this way, the code in the Word file can be run without ever opening the document.

For now, Microsoft has shared a workaround where user can disable msdt protocol. This requires modifying the registry, which is a fairly advanced process.

  • Start command prompt as administrator
  • to do support from the HKEY_CLASSES_ROOT\ms-msdt registry key by running the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename” at the command prompt
  • To pick up he is using it now msdt protocol by running the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f” from the command prompt

Sources: via ZDNET, Microsoft

Source: Hardware Info

Previous articleElon Musk Names Tesla’s Biggest Competitor, And It’s Not Who You Think
Next articleTrick for iPhone: how to edit your saved passwords


Please enter your comment!
Please enter your name here