Vulnerability Details : CVE-2022-30190
Public exploit exists!
<p>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.</p>
<p>Please see the <a href="https://aka.ms/CVE-2022-30190-Guidance">MSRC Blog Entry</a> for important information about steps you can take to protect your system from this vulnerability.</p>
Vulnerability category: Execute code
CVE-2022-30190 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Added on
2022-06-14
Action due date
2022-07-05
Exploit prediction scoring system (EPSS) score for CVE-2022-30190
Probability of exploitation activity in the next 30 days: 97.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2022-30190
-
Microsoft Office Word MSDTJS
Disclosure Date: 2022-05-29First seen: 2022-12-23exploit/windows/fileformat/word_msdtjs_rceThis module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an `HTML` document and then use the `ms-msdt` scheme to execute `PowerShell` code.
CVSS scores for CVE-2022-30190
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Microsoft Corporation |
CWE ids for CVE-2022-30190
-
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-30190
-
http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html
Microsoft Office Word MSDTJS Code Execution ≈ Packet Storm
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190
CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityPatch;Vendor Advisory
Products affected by CVE-2022-30190
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*