POC详情: 44ebb715f6392c23f8917fa97465dcb1b0a462ab

来源
https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code
关联漏洞
标题: Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞 (CVE-2022-30190)
描述:Microsoft Windows Support Diagnostic Tool是美国微软(Microsoft)公司的收集信息以发送给 Microsoft 支持的工具。 Microsoft Windows Support Diagnostic Tool (MSDT)存在操作系统命令注入漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows
描述
These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)
介绍
# **_🩹CVE-2022-30190 Temporary Fix🩹 (Source Code)_**
These are the source codes of two Python scripts compiled to easily and quickly apply temporary protection against the **_CVE-2022-30190 vulnerability (Follina)_**

Both can be programmed better, but this is just to implement it as quickly as possible and I did it without much Python knowledge, but the important part is... **_it works!_** Hehe

## _What do these '.exe' files do?:_

> Step by step (**_'CVE-2022-30190_temp-fix.py'_** [CVE-2022-30190_temp-fix.exe]):
  1. Backs up the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  2. Deletes the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  3. Creates a new registry key **_'DWORD'_** with a value of **_'0'_** to enable a **_'Local Group Policy'_** at the path **_'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'_** called **_'EnableDiagnostics'_** (This registry key sets the policy called **_'Troubleshooting: Allow users to access and run troubleshooting wizards.'_** as **_'Disabled'_**, located at **_'Computer Configuration/Policies/Administrative Templates/System/Troubleshooting and Diagnostics/Scripted Diagnostics'_**).

> Step by step (**_'CVE-2022-30190_back-to-normal.py'_** [revert_changes.exe]):
  1. Restores the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  2. Deletes **_'.reg'_** file used to restore it.
  3. Deletes the registry key which was created before to enable a **_'Local Group Policy'_**.

## _How to use them:_

- Run **_'CVE-2022-30190_temp-fix.exe'_** as **_administrator_**, that's all.

- **Do not delete the _'.reg'_ file generated because you will need it in the future when Microsoft fixes this vulnerability.**

- If you want to undo all changes made, you just have to run **_'revert_changes.exe'_** as **_administrator_**.

## _My antivirus detected it as a threat?:_

> In most cases it will detected by the AV as a **_threat_**, so you can **add an _exception_** or just **_disable_ it for a moment**, this is because none of the '.exe' files are signed.

## _This vulnerability has been fixed by Microsoft:_

> Here are the links to the updates:
  - For Windows 10: [2022-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5014699)](https://support.microsoft.com/en-us/topic/june-14-2022-kb5014699-os-builds-19042-1766-19043-1766-and-19044-1766-5c81d49d-0b6e-4808-9485-1f54e5d1bb15)
  - For Windows 11: [2022-06 Cumulative Update for Windows 11 for x64-based Systems (KB5014697)](https://support.microsoft.com/en-us/topic/june-14-2022-kb5014697-os-build-22000-739-cd3aaa0b-a8da-44a0-a778-dfb6f1d9ea11)
文件快照

 [4.0K]  /data/pocs/44ebb715f6392c23f8917fa97465dcb1b0a462ab
├── [2.6K]  CVE-2022-30190_back-to-normal.py
├── [2.9K]  CVE-2022-30190_temp-fix.py
└── [2.6K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。