Pharos response to Microsoft Support Diagnostic Tool (MSDT) vulnerability (CVE-2022-30190) - June 2022

Background:

Recently Microsoft announced a new vulnerability (CVE-2022-30190) relating to the Microsoft Support Diagnostic Tool (MSDT). A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

Pharos response:

Pharos has updated our Group Policy to disable the use of Microsoft Troubleshooting tools until a patch has been released by Microsoft and applied to all necessary company assets.

Pharos recommendation:

Pharos recommends that Blueprint and Uniprint customers update their Group Policy to disable the use of Microsoft Troubleshooting tools until a patch has been released by Microsoft and applied to all necessary workstations.