关于Microsoft Windows支持诊断工具 (MSDT) 远程代码执行漏洞的预警提示

一、漏洞详情

近日监测到Microsoft Windows 支持诊断工具 (MSDT) 远程代码执行漏洞 (CVE-2022-30190) 在野利用。该漏洞允许未经身份验证的远程攻击者通过office文档发起钓鱼攻击，当用户点击打开文档时，实现执行任意代码。

CVE-2022-30190：从Word 等调用应用程序使用URL协议调用 MSDT 时存在远程执行代码漏洞。成功利用此漏洞的攻击者可以使用调用应用程序的权限执行任意代码。

攻击者可将远程模板注入到恶意office文件，当用户打开恶意office文档时，会自动加载远程模板中的恶意html文件，并通过’ms-msdt’执行恶意代码。当恶意文件保存为RTF格式时，无需打开文件，通过windows自带预览选项卡功能即可导致恶意代码执行。

建议受影响用户做好资产自查以及预防工作，以免遭受黑客攻击。

二、影响范围

Windows Server 2012 R2 (Server Coreinstallation)

Windows Server 2012 R2

Windows Server 2012 (Server Coreinstallation)

Windows Server 2012

Windows Server 2008 R2 for x64-basedSystems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-basedSystems Service Pack 1

Windows Server 2008 for x64-basedSystems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-basedSystems Service Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems ServicePack 1

Windows 7 for 32-bit Systems ServicePack 1

Windows Server 2016 (Server Coreinstallation)

Windows Server 2016

Windows 10 Version 1607 for x64-basedSystems

Windows 10 Version 1607 for 32-bitSystems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-basedSystems

Windows 10 Version 21H2 for ARM64-basedSystems

Windows 10 Version 21H2 for 32-bitSystems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (ServerCore Installation)

Windows 10 Version 20H2 for ARM64-basedSystems

Windows 10 Version 20H2 for 32-bitSystems

Windows 10 Version 20H2 for x64-basedSystems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bitSystems

Windows 10 Version 21H1 for ARM64-basedSystems

Windows 10 Version 21H1 for x64-basedSystems

Windows Server 2019 (Server Coreinstallation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-basedSystems

Windows 10 Version 1809 for x64-basedSystems

Windows 10 Version 1809 for 32-bitSystems

三、修复建议

目前漏洞细节和利用代码已公开，官方暂无补丁，建议受影响用户谨慎访问来历不明的Office文档，同时按照以下微软公告及时采取漏洞临时缓解措施，并密切关注后续的补丁更新情况。

临时缓解措施：https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/