Microsoft Security Response CenterMSRC:023FEF60BCC2EE0035211FC95DB999BC

HistoryMay 30, 2022 - 7:00 a.m.

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

2022-05-3007:00:00

Microsoft Security Response Center

link

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.6%

JSON

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows Server 2012 R2 5015805 Download Windows Server 2012 5015805 Download Windows 7, Windows Server 2008 R2 5015805 Download Windows Server 2008 SP2 5015805 Download On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

thn 20

cisa_kev 1

githubexploit 47

rapid7blog 6

trellix 10

nessus 11

openvas 6

hivepro 5

prion 1

msrc 3

packetstorm 2

qualysblog 9

metasploit 1

schneier 1

malwarebytes 7

mscve 2

talosblog 1

hackerone 1

cisa 1

threatpost 4

cve 1

kaspersky 2

checkpoint_advisories 1

zdt 1

krebs 1

pentestpartners 1

attackerkb 1

securelist 4

avleonov 2

googleprojectzero 1

mskb 12

ics 1

thn

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

2022-09-07 14:42:00

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

2022-09-20 12:56:00

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

2023-05-23 15:30:00

cisa_kev

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-06-14 00:00:00

githubexploit

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

2022-06-15 22:49:21

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

2022-06-01 23:27:14

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

2022-06-02 13:43:20

rapid7blog

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

2022-05-31 15:15:16

Metasploit Weekly Wrap-Up

2022-06-10 18:07:05

Metasploit Weekly Wrap-Up

2022-09-02 19:39:21

trellix

Beyond File Search: A Novel Method

2023-07-26 00:00:00

Trellix Global Defenders: Follina — Microsoft Office Zero-Day (CVE-2022-30190)

2022-06-03 00:00:00

Beyond File Search: A Novel Method

2023-07-26 00:00:00

nessus

The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)

2022-05-31 00:00:00

KB5014743: Windows Server 2008 Security Update (June 2022)

2022-06-14 00:00:00

KB5014742: Windows 7 and Windows Server 2008 R2 Security Update (June 2022)

2022-06-14 00:00:00

openvas

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (Follina)

2022-06-01 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5014748)

2022-06-15 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB5014710)

2022-06-15 00:00:00

hivepro

Follina: A zero-day vulnerability in Microsoft Office

2022-06-15 10:13:53

Exploitation of Follina leads to takeover of domain controller

2022-11-04 12:38:02

Actors, Threats and Vulnerabilities 22 to 28 May 2023

2023-05-30 07:42:00

prion

Remote code execution

2022-06-01 20:15:00

msrc

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

2022-05-30 07:00:00

CVE-2022-30190 マイクロソフトサポート診断ツールの脆弱性に関するガイダンス

2022-05-30 07:00:00

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

2022-05-30 23:25:16

packetstorm

Microsoft Office Word MSDTJS Code Execution

2022-06-07 00:00:00

Microsoft Office MSDT Follina Proof Of Concept

2022-05-31 00:00:00

qualysblog

Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR

2022-06-14 20:52:25

Launching Qualys Cloud Threat Database

2023-02-08 13:50:00

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

2022-10-10 14:32:29

metasploit

Microsoft Office Word MSDTJS

2022-05-30 17:23:18

schneier

Clever — and Exploitable — Windows Zero-Day

2022-06-01 18:25:36

malwarebytes

Woody RAT: A new feature-rich malware spotted in the wild

2022-08-03 21:25:52

Woody RAT: A new feature-rich malware spotted in the wild

2022-08-03 21:00:00

FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day

2022-06-01 16:36:44

mscve

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-05-30 07:00:00

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

2022-08-09 07:00:00

talosblog

Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution

2022-06-02 14:53:52

hackerone

Reddit: Unrestricted File Upload on reddit.secure.force.com

2022-06-20 09:10:53

cisa

Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

2022-05-31 00:00:00

threatpost

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

2022-06-23 12:21:33

Follina Exploited by State-Sponsored Hackers

2022-06-07 12:45:00

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

2022-06-01 10:38:37

cve

CVE-2022-30190

2022-06-01 20:15:00

kaspersky

KLA12549 RCE vulnerability in Microsoft Windows

2022-05-30 00:00:00

KLA12550 RCE vulnerability in Microsoft Products (ESU)

2022-05-30 00:00:00

checkpoint_advisories

Microsoft Support Diagnostic Tool Remote Code Execution (CVE-2022-30190)

2022-06-01 00:00:00

zdt

Microsoft Office Word MSDTJS Code Execution Exploit

2022-06-07 00:00:00

krebs

Microsoft Patch Tuesday, June 2022 Edition

2022-06-15 04:52:30

pentestpartners

Follina 0day exploit. Malicious code execution in Office docs

2022-06-01 05:38:30

attackerkb

CVE-2022-30190

2022-06-01 00:00:00

securelist

IT threat evolution Q2 2022

2022-08-15 12:00:34

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

2022-06-06 08:00:02

IT threat evolution in Q2 2022. Non-mobile statistics

2022-08-15 12:00:43

avleonov

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

2022-06-25 12:32:07

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

2022-08-23 00:00:26

googleprojectzero

2022 0-day In-the-Wild Exploitation…so far

2022-06-30 00:00:00

mskb

June 14, 2022—KB5014748 (Monthly Rollup)

2022-06-14 07:00:00

June 14, 2022—KB5014742 (Security-only update)

2022-06-14 07:00:00

June 14, 2022—KB5014710 (OS Build 10240.19325) - EXPIRED

2022-06-14 07:00:00

ics

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.6%

JSON

Related for MSRC:023FEF60BCC2EE0035211FC95DB999BC