The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)

info Nessus Plugin ID 161691

Synopsis

Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.

Description

The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190.

Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.

Solution

Apply the latest Cumulative Update.

See Also

http://www.nessus.org/u?440e4ba1

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190

http://www.nessus.org/u?b9345997

Plugin Details

Severity: Info

ID: 161691

File Name: msdt_rce_cve_2022-30190_reg_check.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 5/31/2022

Updated: 7/28/2022

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows, x-cpe:/a:microsoft:msdt

Required KB Items: SMB/Registry/Enumerated

Patch Publication Date: 5/30/2022

Vulnerability Publication Date: 5/30/2022