 
Monitoring has found that Windows MSDT contains a remote code execution vulnerability. Attackers use social engineering to lure a victim into downloading a specially crafted file from a website and opening it, ultimately obtaining the user's privileges.
MSDT stands for Microsoft Windows Support Diagnostic Tool; it helps diagnose problems a user may encounter and records the related information.
Vulnerability name:
Windows MSDT remote code execution vulnerability
Component name:
Windows MSDT
Affected versions:
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit/x64-based Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for 32-bit/x64-based systems
Windows 7 for 32-bit/x64-based Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for 32-bit/x64-based Systems
Windows 10 for 32-bit/x64-based Systems
Windows 10 Version 21H2 for 32-bit/ARM64-based/x64-based Systems
Windows 11 for x64-based/ARM64-based Systems
Windows 10 Version 20H2 for x64-based/32-bit/ARM64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022
Windows 10 Version 21H1 for x64-based/ARM64-based/32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for 32-bit/x64-based/ARM64-based Systems
Vulnerability type: remote code execution
Exploitation conditions:
1. User authentication: not required
2. Prerequisites: none
3. Trigger: the attacker is remote and uses social engineering to lure the victim into downloading a specially crafted file from a website and opening it, which results in a local attack on the victim's computer.
Threat level: high
Remediation advice: disable the MSDT URL protocol:
1. Open a Command Prompt with administrator privileges
2. Back up the registry key with the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
3. Run the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
To undo the temporary workaround:
1. Open a Command Prompt with administrator privileges
2. Restore the registry key with the command "reg import filename"
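The following PowerShell script is an added example, not part of this advisory or of Microsoft's guidance: it wraps the same three-step workaround (export, delete, later import) in an elevated session, refuses to delete the key unless the backup succeeded, and offers a read-only check of whether the ms-msdt handler is still registered. The backup path C:\Temp\ms-msdt-backup.reg is a constructed placeholder.

```powershell
# Added example (not from the advisory): apply, revert or check the ms-msdt
# URL protocol workaround. Run from an elevated PowerShell session.
# Assumption: backup path C:\Temp\ms-msdt-backup.reg (constructed placeholder).
param(
    [ValidateSet('Disable', 'Restore', 'Check')]
    [string]$Action = 'Check',
    [string]$BackupFile = 'C:\Temp\ms-msdt-backup.reg'
)
$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtHandlerPresent {
    # $true means the ms-msdt protocol handler is still registered,
    # i.e. the workaround has not been applied (or has been reverted).
    return Test-Path -Path $KeyPath
}

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Changing HKEY_CLASSES_ROOT requires an elevated session.'
    }
}

switch ($Action) {
    'Disable' {
        Assert-Elevated
        if (-not (Test-MsdtHandlerPresent)) { Write-Output 'ms-msdt handler already absent.'; break }
        New-Item -ItemType Directory -Force -Path (Split-Path $BackupFile) | Out-Null
        # Step 2 of the advisory: export the key before deleting it (/y overwrites an old backup).
        reg.exe export HKEY_CLASSES_ROOT\ms-msdt $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupFile)) { throw 'Backup failed; not deleting the key.' }
        # Step 3 of the advisory: remove the protocol handler, then verify.
        reg.exe delete HKEY_CLASSES_ROOT\ms-msdt /f | Out-Null
        if (Test-MsdtHandlerPresent) { throw 'Key still present after delete.' }
        Write-Output "ms-msdt handler removed; backup saved to $BackupFile"
    }
    'Restore' {
        Assert-Elevated
        if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
        reg.exe import $BackupFile | Out-Null
        if (-not (Test-MsdtHandlerPresent)) { throw 'Key was not restored.' }
        Write-Output 'ms-msdt handler restored from backup.'
    }
    'Check' {
        if (Test-MsdtHandlerPresent) { Write-Output 'NOT MITIGATED: ms-msdt handler is registered.' }
        else { Write-Output 'MITIGATED: ms-msdt handler is absent.' }
    }
}
```

The Check action needs no elevation and can be run across a fleet to confirm the workaround is in place until the vendor fix is installed.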
Remediation details:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/