How to Fix the CVE-2022-30190 MSDT Vulnerability

The Microsoft supports diagnostic tool (MSDT) is a Windows server and Windows 11/10/8/7 service that allows Microsoft support representatives to troubleshoot a windows server or windows computer to find a solution to whatever problem that must have occurred.

Do You Use MacOS?: Learn How to Enable or disable notifications for an app on macOS.

Recently, security researcher; Kevin Beaumont discovered a zero-day vulnerability, which he dubbed “Follina” and reported it to Microsoft on April 12.

The vulnerability exploits an office feature to retrieve HTML files, which uses MSDT to execute a power shell code snippet. This vulnerability is reportedly exploited in Office 2021, 2019, 2016, and Office 2013 by Beaumont and other security researchers.

Microsoft has equally issued an official statement on the vulnerability, tagged CVE-2022-30190 on the 30th of May, 2022.

While there is yet to be an update that fixes this vulnerability. This guide shows you a quick workaround to prevent your computer from attackers as released by Microsoft.

You may also like: Broadcom to acquire cloud service firm VMWare for $16bn.

Workaround for CVE-2022-30190 MSDT Vulnerability

You can bypass this vulnerability from the command prompt. Type “CMD” into the windows search bar and run Command Prompt as administrator.

Next, back up the registry key by running the following command: “reg export HKEY_CLASSES_ROOT\ms-msdt filename”. The filename is any name you wish to name the backup.

Then execute the following command: “reg delete HKEY_CLASSES_ROOT\ms-msdt/f”.

This bypasses the vulnerability.

Once Microsoft releases an update that fixes this vulnerability, you may want to undo the changes above. To do so, open the command prompt as an administrator.

Then execute the following command to restore the registry key: “reg import filename”.

That should protect your computer from the CVE-2022-30190 MSDT Zero-day vulnerability.

More Protection for Microsoft Defender Customers

Similarly, if you are a Microsoft defender anti-virus customer, you can turn on cloud-delivered protection and automatic sample submission.

The services helps to identify and stop new and unknown threats by blocking MSDT command lines, terminating processes that launches the command line, or detecting HTML files that contains suspicious MSDT commands.

You can equally enable attack surface reduction rule; “BlockOfficeCreateProcessRule”. If you are a Microsoft defender for Endpoint customer. This rule prevents Office apps from creating child processes that can be used maliciously to attack your computer.

I hope you find this guide helpful, kindly leave a comment if you have any questions.

Leave a Reply

Inline Feedbacks
View all comments