POC details: b17829ab2658af6d242ee347bcc38c0ebbe4daf1

Source
Related vulnerability
Title: Microsoft Windows Support Diagnostic Tool OS command injection vulnerability (CVE-2022-30190)
Description: Microsoft Windows Support Diagnostic Tool is a tool from Microsoft (USA) that collects information to send to Microsoft Support. Microsoft Windows Support Diagnostic Tool (MSDT) has an OS command injection vulnerability. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows
Description
An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft
Introduction
# MSDT Patcher, a.k.a. CVE-2022-30190-NSIS
This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft.

[Download the executable here](https://github.com/rouben/CVE-2022-30190-NSIS/releases).

## How does it work?
When run, it checks for the presence of the key `HKCR\ms-msdt`. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch. If the user confirms, the entire `HKCR\ms-msdt` key hierarchy is removed, i.e. the equivalent of the following registry patch is executed:
```reg
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\ms-msdt]
```
If the key `HKCR\ms-msdt` is absent, the script rolls the mitigation back: assuming that all machines have the exact same registry keys under `HKCR\ms-msdt`, it inserts the equivalent of the following registry patch:
```reg
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
```

## License and other info
I hope you find this little tool useful. It's licensed under the [unlicense](https://unlicense.org), so please feel free to modify and adapt this little hack as you see fit. Contributions are welcome, so fork away and submit a pull request.

**!!!WARNING!!!** This script will **not** protect your system against novel attack vectors that don't use the ms-msdt URL handler. Repeat, this is **not** a proper fix, just a band-aid until Microsoft releases a proper fix for the underlying vulnerability.

File snapshot

```
[4.0K] /data/pocs/b17829ab2658af6d242ee347bcc38c0ebbe4daf1
├── [1.2K] LICENSE
├── [3.5K] MSDT-Patch.nsi
├── [1.8K] README.md
└── [4.0K] regfiles
    ├── [ 142] mitigate.reg
    └── [1002] rollback.reg

1 directory, 5 files
```