Microsoft has just alerted users to the presence of a critical security vulnerability in the Support Diagnostic Tool (MSDT) in Windows. According to Microsoft, this vulnerability allows an attacker to execute code remotely through a calling application such as Word.
Not a week goes by without Windows users being threatened by a new flaw or terrible malware. We remember, for example, the fake installation files that actually hid dangerous spyware, or the application for installing the Google Play Store that contained other malware.
This time, the alert of the day does not come from a company specializing in computer security, but from Microsoft itself. Indeed, the Redmond firm claims to have discovered the presence of a critical security vulnerability within the support diagnostic tool (MSDT).
This tool, accessible by typing MSDT in the Windows Run dialog (Win+R), allows you to run various diagnostics on your PC. However, you will need to have contacted Microsoft’s technical service in advance, which will provide you with a password to access the MSDT. You can then send the results to Microsoft’s technical teams, who will perform an in-depth analysis of the data.
A flaw in the Windows diagnostic tool!
However, Microsoft has just realized that a vulnerability in the MSDT allows an attacker to execute remote code (RCE). This flaw affects virtually all versions of Windows and Windows Server, including Windows 7, 8.1, 10, Windows 11, Windows Server 2008, 2012, 2016, 2019, and 2022.
This flaw, listed as CVE-2022-30190, has a high severity level. According to Microsoft, remote code execution can occur when the MSDT is invoked using the URL protocol of a calling application such as Microsoft Word.
“An attacker who successfully exploited this vulnerability can execute arbitrary code with the privileges of the calling application. The attacker can then install programs, view, modify or delete data, or create new accounts in the context authorized by the user’s rights”, details Microsoft on its official blog.
Unable to propose a fix at the time of writing these lines, Microsoft recommends disabling the Windows Diagnostic Tool's URL protocol handler (the ms-msdt registry key) by entering the following commands in Command Prompt:
- Run command prompt as administrator
- To back up the registry key, run the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”
- Run the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”
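The steps above, as an added PowerShell example that is not Microsoft's own script: it refuses to delete the key unless the backup was written, confirms the key is gone, and prints the `reg import` command that restores it. The backup directory and file name pattern are assumptions.

```powershell
# Added example: apply the ms-msdt workaround with a verified backup.
# Run from an elevated PowerShell session.
param(
    # Assumed backup location; not taken from the advisory.
    [string]$BackupDir = "$env:SystemDrive\RegBackup"
)

$Key = 'HKEY_CLASSES_ROOT\ms-msdt'

# Require elevation: deleting a key under HKEY_CLASSES_ROOT fails without it.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) session.'
}

# Nothing to do if the key is already absent (workaround applied earlier).
if (-not (Test-Path "Registry::$Key")) {
    Write-Output "$Key is not present; nothing to do."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Backup = Join-Path $BackupDir ("ms-msdt_{0:yyyyMMdd_HHmmss}.reg" -f (Get-Date))

# Step 1: back up the key; stop if the export is missing or empty.
reg export $Key $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Backup) -or (Get-Item $Backup).Length -eq 0) {
    throw "Backup of $Key failed; key left untouched."
}

# Step 2: delete the key.
reg delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg delete failed for $Key." }

# Confirm the key is really gone before reporting success.
if (Test-Path "Registry::$Key") { throw "$Key still present after delete." }

Write-Output "Removed $Key. Backup saved to $Backup"
Write-Output "To undo later: reg import `"$Backup`""
```

Keep the exported .reg file until a fix is installed, since it is the only copy of the original key.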
Microsoft will update their blog post as soon as they have more information about the flaw and the fix.