Vulnerability Advisory | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Author: Huorong Security (火绒安全)
Published: 2022-05-31
Views: 2377
Basic Vulnerability Information

| Field | Value |
| --- | --- |
| CVE ID | CVE-2022-30190 |
| Severity | Critical |
| Vulnerability type | Remote code execution |
| Status | No official patch, 0-day |
| Fixed version | Not yet fixed |
Threat Overview

| PoC | Exp | In-the-wild exploitation |
| --- | --- | --- |
| Known | Known | Observed |
Affected Scope
Windows Server
- 2012 R2 (Server Core installation)
- 2012 R2
- 2012 (Server Core installation)
- 2012
- 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- 2008 R2 for x64-based Systems Service Pack 1
- 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- 2008 for x64-based Systems Service Pack 2
- 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- 2008 for 32-bit Systems Service Pack 2
- 2016 (Server Core installation)
- 2016
- 20H2 (Server Core Installation)
- 2022 Azure Edition Core Hotpatch
- 2022 (Server Core installation)
- 2019 (Server Core installation)
- 2019
Windows RT 8.1
Windows 8.1
- x64-based systems
- 32-bit systems
Windows 7
- x64-based Systems Service Pack 1
- 32-bit Systems Service Pack 1
Windows 10
- 1607 for x64-based Systems
- 1607 for 32-bit Systems
- x64-based Systems
- 32-bit Systems
- 21H2 for x64-based Systems
- 21H2 for ARM64-based Systems
- 21H2 for 32-bit Systems
- 20H2 for ARM64-based Systems
- 20H2 for 32-bit Systems
- 20H2 for x64-based Systems
- 21H1 for 32-bit Systems
- 21H1 for ARM64-based Systems
- 21H1 for x64-based Systems
- 1809 for ARM64-based Systems
- 1809 for x64-based Systems
- 1809 for 32-bit Systems
Windows 11
- ARM64-based Systems
- x64-based Systems
Vulnerability Description

Microsoft Office is an office suite developed by Microsoft. The Microsoft Support Diagnostic Tool (MSDT) is a utility used to troubleshoot problems and collect diagnostic data for professionals to analyze and resolve issues.

While reproducing the vulnerability, Huorong engineers found that it resembles CVE-2021-40444 in some respects: an attacker can likewise exploit it without authentication to execute code remotely on the target system, and in both vulnerabilities Word serves only as the trigger medium.

In this vulnerability, an attacker can craft an Office document carrying a malicious link and send it to the user; the vulnerability is triggered when the user is lured into opening the document. Note that if the preview pane is enabled in Explorer, merely previewing a malicious RTF document, without opening it, is enough to trigger the vulnerability.

Since exploit code for this 0-day is already public and in-the-wild exploitation has been observed, Huorong Security advises affected users to apply the mitigation as soon as possible to avoid being affected. Huorong security software will add interception for this vulnerability shortly.
Temporary Mitigation

Disable the MSDT URL protocol handler:

    reg delete HKEY_CLASSES_ROOT\ms-msdt /f
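The command above removes the handler outright. The following PowerShell script is an added example, not part of the Huorong advisory, that wraps the same `reg delete` in a back-up-first, then-verify sequence so the mitigation can be reverted once a patch ships. The function names, the backup path under `$env:TEMP`, and the use of `reg.exe export` for the backup are this example's own choices; run it from an elevated session.

```powershell
# Added example (not from the advisory): back up, remove, and verify the ms-msdt: URL handler.
# Assumed backup location; change as needed.
$BackupPath = Join-Path $env:TEMP 'ms-msdt-backup.reg'

function Test-MsdtHandlerPresent {
    # Returns $true while the ms-msdt: protocol handler is still registered.
    return Test-Path 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Host 'ms-msdt handler not present; nothing to do.'
        return
    }

    # 1. Export the key first so the change can be reverted later with:  reg import $BackupPath
    reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y
    if ($LASTEXITCODE -ne 0) {
        throw "Backup failed (reg export exit code $LASTEXITCODE); aborting before deletion."
    }

    # 2. Remove the handler (the advisory's mitigation command).
    reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f
    if ($LASTEXITCODE -ne 0) {
        throw "reg delete failed (exit code $LASTEXITCODE)."
    }

    # 3. Verify the key is really gone before reporting success.
    if (Test-MsdtHandlerPresent) {
        throw 'ms-msdt key still present after deletion.'
    }
    Write-Host "ms-msdt URL handler removed; backup saved to $BackupPath"
}

Disable-MsdtHandler
```

Keep the exported `.reg` file somewhere it will survive a reboot; once an official fix is installed, `reg import` of that file restores the handler and the diagnostic troubleshooters that depend on it.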
Reference for the disabling procedure:

Official advisory:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190