MSDT 是微软支持诊断工具 (Microsoft Windows Support Diagnositc Tool) 的缩写,用以帮助诊断用户可能遇到的问题并记录相关信息。
| 漏洞名称 |
Windows MSDT 远程代码执行漏 |
| 漏洞编号 |
CVE-2022-30190 |
| 漏洞类型 |
远程代码执行 |
| 漏洞等级 |
高危 |
Windows Server
2012 R2 (Server Core installation)
2012 R2
2012 (Server Core installation)
2012
2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
2008 R2 for x64-based Systems Service Pack 1
2008 for x64-based Systems Service Pack 2 (Server Core installation)
2008 for x64-based Systems Service Pack 2
2008 for 32-bit Systems Service Pack 2 (Server Core installation)
2008 for 32-bit Systems Service Pack 2
2016 (Server Core installation)
2016
20H2 (Server Core Installation)
2022 Azure Edition Core Hotpatch
2022 (Server Core installation)
2019 (Server Core installation)
2019
Windows RT 8.1
Windows 8.1
x64-based systems
32-bit systems
Windows 7
x64-based Systems Service Pack 1
32-bit Systems Service Pack 1
Windows 10
1607 for x64-based Systems
1607 for 32-bit Systems
x64-based Systems
32-bit Systems
21H2 for x64-based Systems
21H2 for ARM64-based Systems
21H2 for 32-bit Systems
20H2 for ARM64-based Systems
20H2 for 32-bit Systems
20H2 for x64-based Systems
21H1 for 32-bit Systems
21H1 for ARM64-based Systems
21H1 for x64-based Systems
1809 for ARM64-based Systems
1809 for x64-based Systems
1809 for 32-bit Systems
Windows 11
ARM64-based Systems
x64-based Systems
目前微软官方暂未发布此漏洞的补丁,但微软安全响应中心已经发布了此漏洞的指南,受影响用户可以应用以下临时缓解措施:
关闭MSDT URL协议:
1. 使用管理员权限启动命令提示符
2. 使用命令“reg export HKEY_CLASSES_ROOTms-msdt filename”备份注册表
3. 执行命令“reg delete HKEY_CLASSES_ROOTms-msdt /f”
撤销临时解决的方案:
1. 使用管理员权限启动命令提示符
2. 使用命令“reg import filename”恢复注册表
参考链接:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
原文始发于微信公众号(第59号):【漏洞通告】Microsoft Windows 支持诊断工具 (MSDT) 远程代码执行漏洞
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论