CVE-2022-30190

Summary

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.3046affected
MicrosoftWindows 10 Version 180910.0.0 < 10.0.17763.3046affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.3046affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.3046affected
MicrosoftWindows 10 Version 21H110.0.0 < 10.0.19043.1766affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.770affected
MicrosoftWindows 10 Version 20H210.0.0 < 10.0.19042.1766affected
MicrosoftWindows Server version 20H210.0.0 < 10.0.19042.1766affected
MicrosoftWindows 11 version 21H210.0.0 < 10.0.22000.739affected
MicrosoftWindows 10 Version 21H210.0.19043.0 < 10.0.19044.1766affected
MicrosoftWindows 10 Version 150710.0.10240.0 < 10.0.10240.19325affected
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.5192affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.5192affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.5192affected
MicrosoftWindows 76.1.0 < 6.1.7601.25984affected
MicrosoftWindows 7 Service Pack 16.1.0 < 6.1.7601.25984affected
MicrosoftWindows 8.16.3.0 < 6.3.9600.20402affected
MicrosoftWindows Server 2008 R2 Service Pack 16.1.7601.0 < 6.1.7601.25984affected
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 < 6.1.7601.25984affected
MicrosoftWindows Server 20126.2.9200.0 < 6.2.9200.23736affected
MicrosoftWindows Server 2012 (Server Core installation)6.2.9200.0 < 6.2.9200.23736affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.20402affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.20402affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References