{"id":582,"date":"2022-06-02T11:39:55","date_gmt":"2022-06-02T11:39:55","guid":{"rendered":"https:\/\/t3x.co.uk\/?p=582"},"modified":"2022-06-02T11:39:55","modified_gmt":"2022-06-02T11:39:55","slug":"cve-2022-30190-exploit","status":"publish","type":"post","link":"https:\/\/t3x.co.uk\/?p=582","title":{"rendered":"CVE-2022-30190 Exploit"},"content":{"rendered":"\n

This refers to a means of launching the Microsoft Support Diagnostics Tool (MSDT) which can be via a URI from a malicious source avoiding normal security checks including browser protected mode. <\/p>\n\n\n\n\n\n\n\n

This tool is for getting support directly from Microsoft or one of their official partners to help a user who is experiencing problems. Malicious use of this tool can give the exploiter access to PowerShell on your Windows computer which is never a good thing. <\/p>\n\n\n\n

The tool is normally launched directly but can be launched in a browser using the special protocol ms-msdt:\/\/<\/strong><\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Microsoft has published a work around until a patch is provided which is basically disabling the tool. Link here<\/a>.<\/p>\n\n\n\n

The basic procedure:<\/p>\n\n\n

\n
\"\"
Run command prompt in admin mode<\/figcaption><\/figure>\n<\/div>\n\n
\n
\"\"
Backup the key somewhere in case you need it later<\/figcaption><\/figure>\n<\/div>\n\n
\n
\"\"
Then delete it<\/figcaption><\/figure>\n<\/div>\n\n\n

Command to Restore Registry Key<\/p>\n\n\n\n

reg import C:\\MSDT\\msdt_backup.reg<\/p>\n","protected":false},"excerpt":{"rendered":"

This refers to a means of launching the Microsoft Support Diagnostics Tool (MSDT) which can be via a URI from a malicious source avoiding normal security checks including browser protected mode.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,40],"tags":[46,44,17],"class_list":["post-582","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-threats","tag-security","tag-vulnerabilities","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3XT9c-9o","_links":{"self":[{"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=582"}],"version-history":[{"count":1,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/582\/revisions"}],"predecessor-version":[{"id":587,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/582\/revisions\/587"}],"wp:attachment":[{"href":"https:\/\/t3x.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/t3x.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}