The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Support Diagnostic Tool (MSDT) vulnerability (aka “Follina”) to its Known Exploited Vulnerabilities Catalog.
An attacker could exploit this vulnerability to take over impacted systems.
On May 30, 2022, Microsoft released the guidance for the MSDT remote code execution vulnerability dubbed Follina CVE-2022-30190 (CVSS 7.8).
“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights,” Microsoft wrote in the advisory.
Microsoft also warned in the advisory that “exploitation was likely” and also added workaround guidance at the time to include the disabling of the MSDT protocol, which would prevent the launch of troubleshooters as links throughout the Windows operating system.
Readers can check out the most recently added exploited vulnerabilities as of June 14, 2022.