A new Microsoft vulnerability has been found

There is a new Microsoft vulnerability that has been discovered and it could be affecting your employees – and your business. Microsoft has now revealed the identifier for this vulnerability is CVE-2022-30190. They also shared a security update and article with guidance, but no patch looks to be available yet. Here is how to protect yourself in the meantime.

A brief technical explanation of what is occurring

Our partners at Huntress are keeping a close eye on this vulnerability. The developing threat is a zero-click remote code execution technique, used through MSDT (Microsoft Diagnostics Tool) and Microsoft Office utilities, namely Microsoft Word. Throughout the next coming days, our team and the team at Huntress expect exploitation attempts in the wild through email-based delivery. For additional details on the technical side of this vulnerability and to learn more about Huntress’s research into it, visit their article.

A work around for protection

In an effort to apply a workaround until a Microsoft Patch is released, we have applied registry settings to all windows machines that block launching the Microsoft Diagnostic Tool from links or links throughout the operating system. If the Tool is needed for a legitimate reason, it can still be assessed from the system settings menus. Once a patch is released, we will work to get it applied to machines as soon as possible and remove the workaround.

A non-technical explanation and what to know

  • This is a 0-day attack that is new to everyone, and there’s currently no patch available. We expect Microsoft to patch this at some point, but until then you will need a workaround to protect your business.
  • This 0-day attack is executed via a remote code. This means that once this code is detonated, threat actors can adjust and elevate their own privileges and potentially gain critical access to the environment. This vulnerability is especially dangerous because of this. If an intruder manages to get administrative access, they can damage your environment or lock you out.
  • There are workarounds available that could protect you until the vulnerability is patched – but they are not ideal solutions.
  • Your employees can detonate this malicious code by simply opening up a Word doc—in preview mode.

As of right now, our team is paying close attention to this and are working closely with Huntress as they learn more about this vulnerability. Until the patch becomes available, be sure you and your staff are opening word documents cautiously and are made aware of this new exploit.