CVE-2022-30190 — Actively Exploited: Windows (Microsoft)
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
| CVE ID | CVE-2022-30190 |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| Vulnerability name | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| Date added | 2022-06-14 |
| Remediation due | 2022-07-05 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →