Component overview
MSDT is short for Microsoft Windows Support Diagnostic Tool. It helps diagnose problems a user may encounter and records the related information.
Vulnerability description
Recently, the Sangfor security team observed reports of a remote code execution vulnerability in the Windows MSDT component. Vulnerability ID: CVE-2022-30190; threat level: high.
The vulnerability exists because MSDT can be invoked through its URL protocol from a user application. An attacker uses social engineering to lure the victim into downloading and opening a specially crafted file from a website, and ultimately obtains the privileges of the user who opened it.
Affected versions
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit/x64-based Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for 32-bit/x64-based systems
Windows 7 for 32-bit/x64-based Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for 32-bit/x64-based Systems
Windows 10 for 32-bit/x64-based Systems
Windows 10 Version 21H2 for 32-bit/ARM64-based/x64-based Systems
Windows 11 for x64-based/ARM64-based Systems
Windows 10 Version 20H2 for x64-based/32-bit/ARM64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022
Windows 10 Version 21H1 for x64-based/ARM64-based/32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for 32-bit/x64-based/ARM64-based Systems
Official remediation guidance
The vendor has published mitigation guidance for the affected versions.
Disable the MSDT URL protocol:
- Open a Command Prompt with administrator privileges
- Back up the registry key with the command: reg export HKEY_CLASSES_ROOT\ms-msdt filename
- Run the command: reg delete HKEY_CLASSES_ROOT\ms-msdt /f
Reverting the temporary workaround
- Open a Command Prompt with administrator privileges
- Restore the registry key with the command: reg import filename
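The backup, delete and restore steps above combined into one script, plus a status check so an administrator can confirm whether the workaround is in place on a host. This is an added example, not code from the advisory or from Microsoft; it assumes an elevated PowerShell session, and the backup path in $BackupFile is a placeholder chosen here.

```powershell
# Added example (not from the original advisory): apply, check or revert the
# ms-msdt URL protocol workaround for CVE-2022-30190 from an elevated PowerShell.
# Assumption: the default $BackupFile path is a placeholder, change it as needed.
param(
    [ValidateSet('Status', 'Disable', 'Restore')]
    [string]$Action = 'Status',
    [string]$BackupFile = "$env:ProgramData\ms-msdt-backup.reg"
)

$KeyPath = 'HKEY_CLASSES_ROOT\ms-msdt'
$PsPath  = "Registry::$KeyPath"

function Test-MsdtHandlerPresent {
    # $true while the ms-msdt: handler is still registered, i.e. the workaround is NOT applied.
    return Test-Path -Path $PsPath
}

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (administrator) PowerShell session.'
    }
}

switch ($Action) {
    'Status' {
        if (Test-MsdtHandlerPresent) { Write-Output 'ms-msdt handler present: workaround NOT applied' }
        else { Write-Output 'ms-msdt handler absent: workaround applied' }
    }
    'Disable' {
        Assert-Elevated
        if (-not (Test-MsdtHandlerPresent)) { Write-Output 'Nothing to do; key already removed.'; break }
        # Back up first (the advisory's reg export step) so the handler can be restored after patching.
        reg.exe export $KeyPath $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupFile failed; key was not removed." }
        reg.exe delete $KeyPath /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg delete failed.' }
        Write-Output "Handler removed; backup saved to $BackupFile"
    }
    'Restore' {
        Assert-Elevated
        if (-not (Test-Path -Path $BackupFile)) { throw "Backup file $BackupFile not found." }
        reg.exe import $BackupFile | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg import failed.' }
        Write-Output 'Handler restored from backup.'
    }
}
```

Run with -Action Status on each host to audit the workaround, and keep the .reg backup until the security update is installed.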