一、 漏洞 CVE-2022-30190 基础信息
漏洞信息
# Microsoft Windows 支持诊断工具 (MSDT) 远程代码执行漏洞
## 概述
存在一个远程代码执行漏洞,当通过URL协议从Word等调用应用程序调用MSDT时,攻击者可以利用该漏洞在调用应用程序的权限下执行任意代码。
## 影响版本
未具体提及影响版本。
## 细节
攻击者成功利用此漏洞后,可以在调用应用程序的权限下执行任意代码。这可能导致安装程序、查看、更改或删除数据,或在用户权限允许的上下文中创建新账户。
## 影响
攻击者可以利用该漏洞执行任意代码并进行进一步的恶意操作,例如安装恶意软件,访问或篡改数据,或创建新账户。需注意保护系统以防止此漏洞的利用。
请参阅MSRC博客文章获取有关保护系统免受此漏洞影响的重要信息。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft Windows Support Diagnostic Tool是美国微软(Microsoft)公司的收集信息以发送给 Microsoft 支持的工具。 Microsoft Windows Support Diagnostic Tool (MSDT)存在操作系统命令注入漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
授权问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2022-30190 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2022-30190 (Exploit Microsoft) | https://github.com/flux10n/CVE-2022-30190 | POC详情 |
| 2 | POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina | https://github.com/JMousqueton/PoC-CVE-2022-30190 | POC详情 |
| 3 | CVE-2022-30190 | https://github.com/zkl21hoang/msdt-follina-office-rce | POC详情 |
| 4 | CVE-2022-30190 Follina POC | https://github.com/onecloudemoji/CVE-2022-30190 | POC详情 |
| 5 | None | https://github.com/2867a0/CVE-2022-30190 | POC详情 |
| 6 | Microsoft Office Word Rce 复现(CVE-2022-30190) | https://github.com/doocop/CVE-2022-30190 | POC详情 |
| 7 | This Repository Talks about the Follina MSDT from Defender Perspective | https://github.com/archanchoudhury/MSDT_CVE-2022-30190 | POC详情 |
| 8 | Aka Follina = benign POC. | https://github.com/rickhenderson/cve-2022-30190 | POC详情 |
| 9 | Picking up processes that have triggered ASR related to CVE-2022-30190 | https://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-Pickup | POC详情 |
| 10 | CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT | https://github.com/kdk2933/msdt-CVE-2022-30190 | POC详情 |
| 11 | Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190. | https://github.com/sentinelblue/CVE-2022-30190 | POC详情 |
| 12 | None | https://github.com/aymankhder/MSDT_CVE-2022-30190-follina- | POC详情 |
| 13 | CVE-2022-30190 remediation via removal of ms-msdt from Windows registry | https://github.com/PaddlingCode/cve-2022-30190 | POC详情 |
| 14 | Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go | https://github.com/dwisiswant0/gollina | POC详情 |
| 15 | None | https://github.com/hscorpion/CVE-2022-30190 | POC详情 |
| 16 | Just another PoC for the new MSDT-Exploit | https://github.com/drgreenthumb93/CVE-2022-30190-follina | POC详情 |
| 17 | None | https://github.com/mitespsoc/CVE-2022-30190-POC | POC详情 |
| 18 | None | https://github.com/Vaisakhkm2625/MSDT-0-Day-CVE-2022-30190-Poc | POC详情 |
| 19 | An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft | https://github.com/rouben/CVE-2022-30190-NSIS | POC详情 |
| 20 | Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina) | https://github.com/Cosmo121/Follina-Remediation | POC详情 |
| 21 | CVE-2022-30190 or "Follina" 0day proof of concept | https://github.com/rayorole/CVE-2022-30190 | POC详情 |
| 22 | Proof of Concept zu MSDT-Follina - CVE-2022-30190. ÜBERPRÜFUNG DER WIRKSAMKEIT VON MICROSOFT DEFNEDER IN DER JEWEILS AKTUELLSTEN WINDOWS 10 VERSION. | https://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190 | POC详情 |
| 23 | MS-MSDT Follina CVE-2022-30190 PoC document generator | https://github.com/sudoaza/CVE-2022-30190 | POC详情 |
| 24 | MSDT protocol disabler (CVE-2022-30190 patch tool) | https://github.com/gamingwithevets/msdt-disable | POC详情 |
| 25 | A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) | https://github.com/ErrorNoInternet/FollinaScanner | POC详情 |
| 26 | None | https://github.com/ITMarcin2211/CVE-2022-30190 | POC详情 |
| 27 | Mitigates the "Folina"-ZeroDay (CVE-2022-30190) | https://github.com/derco0n/mitigate-folina | POC详情 |
| 28 | CVE-2022-30190-follina.py-修改版,可以自定义word模板,方便实战中钓鱼使用。 | https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed | POC详情 |
| 29 | None | https://github.com/gyaansastra/CVE-2022-30190 | POC详情 |
| 30 | None | https://github.com/swaiist/CVE-2022-30190-Fix | POC详情 |
| 31 | The CVE-2022-30190-follina Workarounds Patch | https://github.com/suenerve/CVE-2022-30190-Follina-Patch | POC详情 |
| 32 | PDQ Package I created for CVE-2022-30190 | https://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-package | POC详情 |
| 33 | Simple Follina poc exploit | https://github.com/WesyHub/CVE-2022-30190---Follina---Poc-Exploit | POC详情 |
| 34 | CVE-2022-30190 | MS-MSDT Follina One Click | https://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina | POC详情 |
| 35 | A very simple MSDT "Follina" exploit **patched** | https://github.com/arozx/CVE-2022-30190 | POC详情 |
| 36 | All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence. | https://github.com/Noxtal/follina | POC详情 |
| 37 | This is to patch CVE-2022-30190. Use at your own risk. | https://github.com/droidrzrlover/CVE-2022-30190 | POC详情 |
| 38 | Powershell script to mitigate cve-2022-30190 | https://github.com/hilt86/cve-2022-30190-mitigate | POC详情 |
| 39 | Follina POC by John Hammond | https://github.com/SrikeshMaharaj/CVE-2022-30190 | POC详情 |
| 40 | None | https://github.com/DerZiad/CVE-2022-30190 | POC详情 |
| 41 | None | https://github.com/tej7gandhi/CVE-2022-30190-Zero-Click-Zero-Day-in-msdt | POC详情 |
| 42 | None | https://github.com/ItsNee/Follina-CVE-2022-30190-POC | POC详情 |
| 43 | Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vector | https://github.com/IamVSM/msdt-follina | POC详情 |
| 44 | Désactivation du protocole MSDT URL (CVE-2022-30190) avec gestion des erreurs et de l'exit code pour un déploiement en masse | https://github.com/Rojacur/FollinaPatcherCLI | POC详情 |
| 45 | Microsoft Support Diagnostic Tool (CVE-2022-30190) | https://github.com/joshuavanderpoll/CVE-2022-30190 | POC详情 |
| 46 | Notes related to CVE-2022-30190 | https://github.com/abhirules27/Follina | POC详情 |
| 47 | Server to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190) | https://github.com/dsibilio/follina-spring | POC详情 |
| 48 | Proof of Concept of CVE-2022-30190 | https://github.com/Malwareman007/Deathnote | POC详情 |
| 49 | None | https://github.com/sentrium-security/Follina-Workaround-CVE-2022-30190 | POC详情 |
| 50 | Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190) | https://github.com/Hrishikesh7665/Follina_Exploiter_CLI | POC详情 |
| 51 | Repository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks. | https://github.com/b401/Clickstudio-compromised-certificate | POC详情 |
| 52 | Mitigation for CVE-2022-30190 | https://github.com/k508/CVE-2022-30190 | POC详情 |
| 53 | proof of concept to CVE-2022-30190 (follina) | https://github.com/amitniz/follina_cve_2022-30190 | POC详情 |
| 54 | this is my simple article about CVE 2022-30190 (Follina) analysis. I use the lab from Letsdefend. | https://github.com/Abdibimantara/CVE-2022-30190-Analysis-With-LetsDefends-Lab | POC详情 |
| 55 | These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix | POC详情 |
| 56 | These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code | POC详情 |
| 57 | An Unofficial Patch Follina CVE-2022-30190 (patch) by micrisoft Guidelines. | https://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patch | POC详情 |
| 58 | CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina | https://github.com/nanaao/PicusSecurity4.Week.Repo | POC详情 |
| 59 | Python file scanner created in 2021 scanning for known and potential vulns | https://github.com/XxToxicScriptxX/CVE-2022-30190 | POC详情 |
| 60 | None | https://github.com/ernestak/CVE-2022-30190 | POC详情 |
| 61 | None | https://github.com/ernestak/Sigma-Rule-for-CVE-2022-30190 | POC详情 |
| 62 | Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files | https://github.com/MalwareTech/FollinaExtractor | POC详情 |
| 63 | None | https://github.com/notherealhazard/follina-CVE-2022-30190 | POC详情 |
| 64 | follina zero day vulnerability to help Microsoft to mitigate the attack | https://github.com/Cerebrovinny/follina-CVE-2022-30190 | POC详情 |
| 65 | Educational Follina PoC Tool | https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample | POC详情 |
| 66 | Follina (CVE-2022-30190) proof-of-concept | https://github.com/Lucaskrell/go_follina | POC详情 |
| 67 | This is exploit of CVE-2022-30190 on PowerPoint. | https://github.com/Gra3s/CVE-2022-30190_EXP_PowerPoint | POC详情 |
| 68 | Detection and Remediation of the Follina MSDT Vulnerability (CVE-2022-30190) | https://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190- | POC详情 |
| 69 | A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense. | https://github.com/jeffreybxu/five-nights-at-follina-s | POC详情 |
| 70 | A proof of concept for CVE-2022-30190 (Follina). | https://github.com/winstxnhdw/CVE-2022-30190 | POC详情 |
| 71 | this is a demo attack of FOLLINA exploit , a vulnerability that has been discovered in May 2022 and stood unpatched until June 2022 | https://github.com/Imeneallouche/Follina-attack-CVE-2022-30190- | POC详情 |
| 72 | Implementation of CVE-2022-30190 in C | https://github.com/mattjmillner/CVE-Smackdown | POC详情 |
| 73 | A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190. | https://github.com/0xAbbarhSF/FollinaXploit | POC详情 |
| 74 | None | https://github.com/michealadams30/Cve-2022-30190 | POC详情 |
| 75 | CVE-2022-30190(follina) | https://github.com/melting0256/Enterprise-Cybersecurity | POC详情 |
| 76 | None | https://github.com/yrkuo/CVE-2022-30190 | POC详情 |
| 77 | Implementation of FOLLINA-CVE-2022-30190 | https://github.com/ToxicEnvelope/FOLLINA-CVE-2022-30190 | POC详情 |
| 78 | An exploitation of CVE-2022-30190 (Follina) | https://github.com/meowhua15/CVE-2022-30190 | POC详情 |
| 79 | Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks. | https://github.com/aminetitrofine/CVE-2022-30190 | POC详情 |
| 80 | None | https://github.com/Muhammad-Ali007/Follina_MSDT_CVE-2022-30190 | POC详情 |
| 81 | An automated attack chain based on CVE-2022-30190, 163 email backdoor, and image steganography. | https://github.com/Jump-Wang-111/AmzWord | POC详情 |
| 82 | A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) | https://github.com/shri142/ZipScan | POC详情 |
| 83 | CVE-2022-30190 | MS-MSDT Follina One Click | https://github.com/0xflagplz/MS-MSDT-Office-RCE-Follina | POC详情 |
| 84 | The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the johnn hammond link | https://github.com/alien-keric/CVE-2022-30190 | POC详情 |
| 85 | For learning purpose did a complete analysis on CVE-2022-30190 "Follina" POC | https://github.com/skitkat/CVE-2022-30190-POC | POC详情 |
| 86 | Educational Follina PoC Tool | https://github.com/Captain404/Follina-CVE-2022-30190-PoC-sample | POC详情 |
| 87 | An exploitation of CVE-2022-30190 (Follina) | https://github.com/hycheng15/CVE-2022-30190 | POC详情 |
| 88 | CVE-2022-30190 Proof-Of-Concept | https://github.com/madbaiu/CVE-2022-30190 | POC详情 |
| 89 | Follina (CVE-2022-30190) proof-of-concept | https://github.com/Zitchev/go_follina | POC详情 |
| 90 | Educational Follina PoC Tool | https://github.com/Nyx2022/Follina-CVE-2022-30190-Sample | POC详情 |
| 91 | PoC of CVE-2022-30190 | https://github.com/Potato-9257/CVE-2022-30190_page | POC详情 |
| 92 | Project on CVE-2022-30190 exploitation and mitigation strategies | https://github.com/yeep1115/ICT287_CVE-2022-30190_Exploit | POC详情 |
| 93 | CVE-2022-30190 | https://github.com/0x7a6b4c/msdt-follina-office-rce | POC详情 |
| 94 | These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix | POC详情 |
| 95 | These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix_Source_Code | POC详情 |
| 96 | Project Repository for Exploitation, Detection and Mitigation of Folina Vulnerability (CVE-2022-30190) | https://github.com/RathoreAbhiii/Folina-Vulnerability-Exploitation-Detection-and-Mitigation | POC详情 |
| 97 | Mitigation for CVE-2022-30190 | https://github.com/cyberdashy/CVE-2022-30190 | POC详情 |
| 98 | A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190. | https://github.com/ar2o3/FollinaXploit | POC详情 |
| 99 | Exploration of the Follina (CVE-2022-30190) Microsoft Office vulnerability, including a detailed analysis, proof-of-concept exploitation in a controlled lab, and mitigation strategies. For educational and research purposes only. | https://github.com/seinab-ibrahim/Follina-Vulnerability-CVE-2022-30190-Exploit-Analysis | POC详情 |
| 100 | We are presented with a security alert indicating the detection of the Follina (CVE-2022-30190) vulnerability. A malicious Word document triggered msdt.exe execution, suggesting possible remote code execution on the host JonasPRD. Our task is to investigate the alert, confirm exploitation, assess impact, and recommend remediation. | https://github.com/Arkha-Corvus/LetsDefend-SOC173-Follina-0-Day-Detected | POC详情 |
三、漏洞 CVE-2022-30190 的情报信息
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190 x_refsource_MISC
- http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html x_refsource_MISC
-
标题: CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability -- 🔗来源链接
标签: vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-30190
四、漏洞 CVE-2022-30190 的评论
暂无评论