← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-30190 — Actively Exploited: Windows (Microsoft)

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

CVE IDCVE-2022-30190
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Date added2022-06-14
Remediation due2022-07-05
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionA remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →