Patchday: Microsoft closes MSDT vulnerability that also works without macros

Windows can be attacked via Word, for example, and RTF files can also be used. Azure, Edge and others also receive important security updates.


Attackers have been exploiting a vulnerability in Windows since the end of May that allows malicious code to be pushed onto systems and executed with comparatively little effort. A security patch was released on the monthly patch day, but it is not easy to find at first glance.

The MSDT vulnerability (CVE-2022-30190, “high”) affects Microsoft’s URI handler of the same name. In the course of the attacks, security researchers discovered a crafted Word document that uses Word’s remote template function to download an HTML file. That file in turn uses the URI handler ms-msdt: to load malicious code. This works even if macros are disabled. If the document is in RTF format, a victim does not even have to open the file to initiate an attack.

But in the advisories for the current patch day, one looks in vain for the security update that closes the vulnerability. Microsoft has added the update to a support article from May 2022 on the MSDT diagnostic tool and strongly recommends installing it because of the ongoing attacks.

Malicious code vulnerabilities

Three vulnerabilities, in Windows Hyper-V (CVE-2022-30163), Windows LDAP (CVE-2022-30139) and Windows NFS (CVE-2022-30136), are classified by Microsoft as “critical”. After successful attacks, attackers could break out of a virtual machine and execute malicious code on the host system. Malicious code could also reach systems through the NFS vulnerability. In this case, remote attacks are said to be possible.

The majority of the remaining vulnerabilities are classified with the threat level “high”. Attackers could, for example, target Microsoft Office to access information that is actually isolated, or gain elevated user rights in Azure Open Management Infrastructure.

According to current information, the Windows vulnerabilities demonstrated at the Pwn2Own hacking competition have not yet been closed.

Adieu Internet Explorer

Internet Explorer is history. Microsoft is discontinuing support and the browser will no longer receive security updates. Accordingly, it should no longer be used. IE mode in Edge will be supported until 2029.
