all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Coverage Advisory for CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Add to bookmarks
June 2, 2022, 8:19 a.m. | Jithin Nair

Security Boulevard securityboulevard.com

Background


On May 27, 2022, nao_sec found a malicious Word document submitted to Virustotal from a Belarus IP address. The document was abusing MS-MSDT URI scheme to execute PowerShell within the context of Word bypassing local Office macro policies. Microsoft has since released protection guidance and assigned CVE-2022-30190 to this vulnerability.


What is the issue?


Malicious Word documents can use the remote template feature to fetch an HTML file from a remote server and the HTML code can use Microsoft's …

advisory code code execution cve cve-2022-30190 microsoft microsoft windows msdt remote code execution support tool vulnerability windows

Visit resource

More from securityboulevard.com / Security Boulevard

The Next Chapter of Behavioral Threat Assessment for Ontic and SIGMA 2 hours ago | securityboulevard.com
article assessment doing important +17
Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations 2 hours ago | securityboulevard.com
analytics & intelligence attacks brazil cashing out +28
Dan Solove on Privacy Regulation 4 hours ago | securityboulevard.com
academic papers article consent dan +8
Multiple Squid Vulnerabilities Fixed in Ubuntu 6 hours ago | securityboulevard.com
attacks cache critical denial-of-service (dos) +27
eIDAS 2.0: The concerns surrounding this new standard 7 hours ago | securityboulevard.com
centralization discover eidas facing +5
The 5 Best Practices for PCI DSS Compliance 8 hours ago | securityboulevard.com
best practices blog compliance dss +7
5 Ways to Step Up Your AD Hygiene with Silverfort 8 hours ago | securityboulevard.com
access active directory administrators applications +14
BatBadBut Vulnerability Exposes Windows Systems To Attacks 8 hours ago | securityboulevard.com
attacks batbadbut batch command +35
Back to Security Basics 8 hours ago | securityboulevard.com
back basics businesses computer +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Team Lead, Security Operations Center, Cyber Risk

@ Kroll | United Kingdom
View on infosec-jobs.com

Cyber Security Risk Analyst

@ College Board | Remote - Virginia
View on infosec-jobs.com

Lead - IT Security Engineer

@ Bosch Group | BENGALURU, India
View on infosec-jobs.com

Project Cybersecurity Manager

@ Alstom | Bengaluru, KA, IN
View on infosec-jobs.com

Security Consultant

@ CloudSEK | Bengaluru, Karnataka, India
View on infosec-jobs.com
View more jobs