CVE-2022-30190

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 1, 2022

Updated: Jan 2, 2025

CWE ID 610

Summary

CVE-2022-30190 is a remote code execution vulnerability that affects Microsoft Office components, specifically the Microsoft Support Diagnostic Tool (MSDT). When MSDT is invoked through the URL protocol by applications like Microsoft Word, an attacker can exploit this vulnerability to run arbitrary code with the privileges of the calling application. The potential consequences include installing malware, accessing sensitive data, creating new accounts, and performing other unauthorized actions. Users are strongly advised to follow the guidance provided in the Microsoft Security Response Center blog entry to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database