Threat Intelligence Alert: Microsoft Support Diagnostics Tool - CVE-2022-30190
Incident Report for Pulsant Service
Identified
CVE-2022-30190 / Issue Date: 2022-05-30

Synopsis:

Microsoft have published details of a vulnerability exploiting a weakness within MSDT (Microsoft Support Diagnostics Tool) that would allow an attacker to execute commands on the target device using local permissions.

An example delivery method would be via malicious email attachment however the victim does not have to open the malicious file; simply highlighting/previewing the file is sufficient to trigger the exploit.

Pulsant have applied the workaround recommended by Microsoft on our internal end user estate:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

We advise clients to follow this workaround until an official fix is released by Microsoft.

If you have any questions or concerns please contact support@pulsant.com or call our Support team on 03451199999.

External Links:
https://www.tenable.com/blog/cve-2022-30190-zero-click-zero-day-in-msdt-exploited-in-the-wild
https://github.com/chvancooten/follina.py
Posted Jun 03, 2022 - 15:28 BST
This incident affects: Threat Intelligence Alert.