Oh cool, it’s been a long time! nao_sec researchers have discovered a 0-day flaw currently being used by cybercriminals, which allows them to take full control of a Windows computer.
The vulnerability is in the Microsoft Support Diagnostic Tool (MSDT) and can be exploited using a booby-trapped Word document. Simply opening the document, or even previewing it, automatically opens a URI containing malicious PowerShell code, which then runs and lets the attacker become admin on the targeted machine. For those who want the details, see CVE-2022-30190 and this Twitter thread, which explains in depth how it works.
So obviously, if I’m writing this article, it’s not to tell you to switch to Linux, but rather to explain how to temporarily block exploitation of this 0-day flaw while waiting for Microsoft to move its butt. This matters because, as I said in the intro, the flaw is being actively exploited.
It could not be easier. Open a command prompt as Administrator, then back up the registry key with the command:
reg export HKEY_CLASSES_ROOT\ms-msdt search-ms.reg
Then delete it like this:
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
And you are protected until further notice.
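The same two steps as a PowerShell script, added here as an example and not code from the original post: it refuses to delete the key unless the backup succeeded, verifies that the ms-msdt: scheme is really gone, and keeps a function to put the key back once a vendor fix is installed. The backup location under ProgramData and the function names are my own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, remove, verify and (later) restore the ms-msdt
# protocol handler key. Backup path and function names are assumptions.

$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:ProgramData ('ms-msdt-backup-{0}.reg' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))

function Test-MsdtHandlerPresent {
    # $true means the ms-msdt: URI scheme is still registered, i.e. the
    # mitigation is NOT applied. Usable on its own as a compliance check.
    return (Test-Path -Path $KeyPath)
}

function Backup-MsdtHandler {
    # reg.exe export writes a .reg file that reg.exe import can replay later
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
        throw "Backup failed; refusing to delete the key without one."
    }
    return $BackupFile
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Host "ms-msdt handler already absent; nothing to do."
        return
    }
    $backup = Backup-MsdtHandler
    Remove-Item -Path $KeyPath -Recurse -Force
    if (Test-MsdtHandlerPresent) { throw "Key still present after deletion." }
    Write-Host "ms-msdt handler removed. Backup saved to: $backup"
}

function Restore-MsdtHandler {
    param([Parameter(Mandatory)][string]$FromBackup)
    # Reverses the mitigation, e.g. after the vendor fix is installed
    & reg.exe import $FromBackup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Restore failed." }
    if (-not (Test-MsdtHandlerPresent)) { throw "Key not present after import." }
    Write-Host "ms-msdt handler restored from $FromBackup"
}

Disable-MsdtHandler
# To undo later:
# Restore-MsdtHandler -FromBackup 'C:\ProgramData\ms-msdt-backup-<timestamp>.reg'
```

Test-MsdtHandlerPresent on its own is the check to run across a fleet: any machine where it returns $true still has the handler registered and has not had this mitigation applied.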