A zero-day in Microsoft's Support Diagnostic Tool makes it possible for malicious hackers to inject malware into a system via a crafted Word document. The security bug was discovered by nao_sec and has since been acknowledged by Microsoft and assigned the identifier CVE-2022-30190. No Windows update has yet been released for the vulnerability, but Windows Defender has already been updated to detect an attack via the described path. Until recently this was not the case.
The exploit relies on code that the Microsoft Support Diagnostic Tool (msdt) executes, which can be pointed at a malicious URL. Macros are usually blocked to prevent abuse, but a security researcher discovered that this macro blocking can be circumvented by converting the malicious Word file to Rich Text Format. In that form, the code in the Word file can be run without the document ever being opened.
For now, Microsoft has shared a workaround in which users disable the MSDT URL protocol. This requires modifying the registry, which is a fairly advanced procedure.
- Start the command prompt as administrator
- Make a backup of the HKEY_CLASSES_ROOT\ms-msdt registry key by running the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename" at the command prompt
- Disable the msdt protocol by running the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f" at the command prompt
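The same three steps, as an added PowerShell example that is not part of the original article or of Microsoft's published guidance. It backs up the key before deleting it, refuses to delete if the backup fails, and verifies the result afterwards. The backup file location is an assumption chosen for illustration; the registry key and the `reg.exe` commands are the ones named above.

```powershell
#Requires -RunAsAdministrator
# Added example: apply Microsoft's CVE-2022-30190 workaround (remove the
# ms-msdt URL protocol handler) with a backup and a verification step.
param(
    # Assumed backup location; any writable path works.
    [string]$BackupFile = "$env:SystemDrive\ms-msdt-backup.reg"
)

$KeyName = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath = "Registry::$KeyName"   # PowerShell provider path for Test-Path

if (-not (Test-Path $KeyPath)) {
    Write-Output "Key $KeyName not present; nothing to do."
    return
}

# Step 1: export the key so the change can be reverted with 'reg import'.
reg.exe export $KeyName $BackupFile /y
if ($LASTEXITCODE -ne 0) {
    throw "Backup of $KeyName failed (exit code $LASTEXITCODE); key not deleted."
}
Write-Output "Backup written to $BackupFile"

# Step 2: delete the protocol handler so ms-msdt: links no longer launch msdt.exe.
reg.exe delete $KeyName /f
if ($LASTEXITCODE -ne 0) {
    throw "Deleting $KeyName failed (exit code $LASTEXITCODE)."
}

# Step 3: verify the handler is gone.
if (Test-Path $KeyPath) {
    Write-Warning "$KeyName still exists; check permissions and retry."
} else {
    Write-Output "ms-msdt protocol handler removed."
}
```

To undo the workaround once a patch is installed, run `reg import` with the backup file from step 1 in an elevated prompt.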
Sources: via ZDNET, Microsoft
Source: Hardware Info