1. Home
  2. Vulnerabilities
  3. CVE-2022-34713

CVE-2022-34713

CVSS v3.1 7.8 (High)
78% Progress
EPSS 42.12 % (97th)
42.12% Progress
Affected Products 16
Advisories 2
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2022-08-09 20:15:11
(2 years ago)
Updated Date
2024-06-28 14:13:04
(2 months ago)
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713; https://nvd.nist.gov/vuln/detail/CVE-2022-34713
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2022-08-09
(2 years ago)
Due Date
2022-08-30
(2 years ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19387 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19387
  Microsoft Windows 10 1607 prior 10.0.14393.5291 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.5291
  Microsoft Windows 10 1809 prior 10.0.17763.3287 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.3287
  Microsoft Windows 10 20h2 prior 10.0.19042.1889 version cpe:2.3:o:microsoft:windows_10_20h2 < 10.0.19042.1889
  Microsoft Windows 10 21h1 on Arm64 prior 10.0.19043.1889 version cpe:2.3:o:microsoft:windows_10_21h1::*:*:*:*:*:arm64 < 10.0.19043.1889
  Microsoft Windows 10 21h2 prior 10.0.19044.1889 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.1889
  Microsoft Windows 11 21h2 prior 10.0.22000.856 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.856
  Microsoft Windows 7 SP1 on X64 cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64
  Microsoft Windows 7 SP1 on X86 cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86
  Microsoft Windows 8.1 on X64 cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64
  Microsoft Windows 8.1 on X86 cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2008 R2 SP1 on X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.5291 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5291
  Microsoft Windows Server 2019 prior 10.0.17763.3287 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.3287
  Microsoft Windows Server 2022 prior 10.0.20348.887 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.887
  Microsoft Windows Server 20h2 prior 10.0.19042.1889 version cpe:2.3:o:microsoft:windows_server_20h2 < 10.0.19042.1889