Microsoft Products Remote Code Execution Vulnerability

Last Update Date: 15 Jun 2022 Release Date: 31 May 2022 10833 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability was identified in Microsoft Products. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:
CVE-2022-30190 is being exploited in the wild. A remote code execution vulnerability exists when MSDT (Microsoft Diagnostic Tool) is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

 

[Updated on 2022-06-15]

Update available patch released by vendor on "Solution"

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows RT 8.1
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 for ARM64-based Systems
  • Windows 11 for x64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server 2022 Azure Edition Core Hotpatch
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Fixes issued by the vendor:

Workaround issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftRemote Code ExecutionExploit In The Wild

Share with

Previous

Debian Linux Kernel Multiple Vulnerabilities

14 Jun 2022 6175 Views

Next

Zoom Products Multiple Vulnerabilities

15 Jun 2022 5759 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY