What You Need to Know About the Newest Microsoft Vulnerability
A newly identified vulnerability, eloquently called CVE-2022-30190, is a new deadly way that bad actors can take control of your computer and run arbitrary lines of code.
This article will be a quick rundown of what it is, how it works, how dangerous it is, and how to avoid it.
How does it work
Essentially, CVE-2022-30190 is a new method of remote code execution that takes advantage of security weaknesses in applications such as Word.
Whenever you click a link in a Word document, it calls up the MDST, or Microsoft Support Diagnostic Tool. Without giving too many details, problems with this MDST protocol allow somebody to locally run scripts with all the same permissions that Word does.
To quote Microsoft:
The attacker can install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
How dangerous is it?
Microsoft scores this as an 8/10 on the danger quotient, making it pretty spooky. Falling victim to this attack will yield a complete loss of your computers confidentiality, integrity, and availability.
Whether or not each one of those individually gets lost depends on what script the bad actor chooses to run. That being said, without perfect knowledge of what the code actually consists of, it’s safest to assume the worst.
How do you prevent yourself from falling victim to it?
The easiest answer is to just not click links inside of Word documents until a new security update gets released from Microsoft. Of course, getting every update as soon as possible is an important part of this.
More immediately, Microsoft gives the following steps.
- Run Command Prompt as Administrator
- Execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename“
- Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”
Following that, you should be good to go until the update drops. Of course, you should get updates as frequently as possible.