Threat Advisory

Microsoft Office Zero-day Vulnerability

June 2, 2022 | By Accorian

Recently a new zero-day vulnerability has been detected in Microsoft Office that can be exploited to execute arbitrary code on the affected windows machines. The vulnerability can execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a word document. The weakness has now been assigned CVE-2022-30190 and is rated a CVSS score of 7.8. Few of the affected MS Office versions are Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions. The exploit works without requiring elevated privileges and even bypasses the need to enable macros. 

Microsoft hasn’t yet released a patch but has shared a few workarounds as a stopgap. Admins and users are advised to disable the MSDT URL protocol, which the attackers are leveraging to execute code. According to Microsoft, MS Office’s Protected View and Application Guard would block CVE-2022-30190 attacks, although some researchers claim that the security feature will not block exploitation attempts if the malicious document is previewed in Windows Explorer. Therefore, it is also advised to disable the Preview pane in Windows Explorer. 

Accorian recommends all admins implement the workarounds until a patch has been released. 

You can find detailed guidance released by Microsoft here. (https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/). 

Accorian can help identify this vulnerability in your environment. Simply reply back to this mail and one of your team members will get in touch with you.
Source: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

Recent Post

Ready to Start?

Ready to Start?​


Drop your CVs to joinourteam@accorian.com

Interested Position

Download Case study

Download SOC2 Guide