1. Home
  2. Vulnerabilities
  3. CVE-2022-30190

CVE-2022-30190 (Follina)

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 9.3 (High)
93% Progress
EPSS 96.37 % (100th)
96.37% Progress
Affected Products 16
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

Weaknesses
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
Alias
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2022-06-01 20:15:07
(2 years ago)
Updated Date
2024-06-28 14:14:37
(2 months ago)
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2022-06-14
(2 years ago)
Due Date
2022-07-05
(2 years ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19325 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19325
  Microsoft Windows 10 1607 prior 10.0.14393.5192 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.5192
  Microsoft Windows 10 1809 prior 10.0.17763.3046 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.3046
  Microsoft Windows 10 20h2 prior 10.0.19042.1766 version cpe:2.3:o:microsoft:windows_10_20h2 < 10.0.19042.1766
  Microsoft Windows 10 21h1 prior 10.0.19043.1766 version cpe:2.3:o:microsoft:windows_10_21h1 < 10.0.19043.1766
  Microsoft Windows 10 21h2 prior 10.0.19044.1766 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.1766
  Microsoft Windows 11 21h2 prior 10.0.22000.739 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.739
  Microsoft Windows 7 SP1 cpe:2.3:o:microsoft:windows_7:-:sp1
  Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2008 R2 SP1 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.5192 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5192
  Microsoft Windows Server 2019 prior 10.0.17763.3046 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.3046
  Microsoft Windows Server 2022 prior 10.0.20348.770 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.770
  Microsoft Windows Server 20h2 prior 10.0.19042.1766 version cpe:2.3:o:microsoft:windows_server_20h2 < 10.0.19042.1766