Skip to main content

CVE-2022-30190 MSDT Vulnerability - Workarounds

Purpose

This solution applies the temporary workaround for the Microsoft Support Diagnostic Tool Vulnerability, as released by Microsoft.
Reference:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
Microsoft Update Guide for CVE-2022-30190

Associated Content

ContentTypeFunction
MS-MSDT Registry KeyRoleThis role is used to detect the computers in need of a workaround.
ProVal - Development - Workaround - Microsoft Support Diagnostic Tool Vulnerability [G]Internal MonitorThis monitor set will detect the computers with the MS-MSDT Registry Key role enabled and will execute the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script to apply the autofix/workaround.
Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV]ScriptThe primary purpose of the script is to take a backup of the HKEY_CLASSES_ROOT/ms-msdt registry keys and remove them from the computer. However, it can also be executed manually to restore the key in case of need.
Microsoft Support Diagnostic Tool Registry Key Audit [Script][Role]DataviewThis serves the purpose of tracking the progress of the workaround being applied by the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script and the ProVal - Development - Workaround - Microsoft Support Diagnostic Tool Vulnerability [G] monitor set.
ProVal - Development - Restore MS-MSDT Registry Key [G]Internal MonitorThis will run the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script to restore the key on computers where the recommended patches are installed.

Implementation

  1. Import the Role, MS-MSDT Registry Key.
  2. Import the Internal Monitor, ProVal - Development - Workaround - Microsoft Support Diagnostic Tool Vulnerability [G].
  3. Import the Script, Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV].
  4. Import the Dataview, Microsoft Support Diagnostic Tool Registry Key Audit [Script][Role].
  5. Create an alert template "WorkAround - MSDT Vulnerability" to run the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script.
  6. Apply the "WorkAround - MSDT Vulnerability" template to the ProVal - Development - Workaround - Microsoft Support Diagnostic Tool Vulnerability [G] internal monitor.
  7. Execute the "Update Config" command against all agent groups.
  8. Wait for 10 minutes.
  9. Execute the "Resend System" command against all agent groups.

OR

  1. Import the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script.
  2. Execute it against a computer, and it will import the rest of the contents.
  3. Verify the existence of the contents.
  4. Execute the "Update Config" command against all agent groups.
  5. Wait for 10 minutes.
  6. Execute the "Resend System" command against all agent groups.

The above steps will accomplish the task, but if you need tickets for failures, you will have to update the value of the global variable Ticket to 1.

Introduction to a New Internal Monitor:

  1. Import the "ProVal - Development - Restore MS-MSDT Registry Key [G]" monitor set from the pro-sync plugin.
  2. Update the ProVal - Development - Workaround - Microsoft Support Diagnostic Tool Vulnerability [G] monitor set from the pro-sync plugin.
  3. Update the Workaround - Microsoft Support Diagnostic Tool Vulnerability [Param][Autofix][DV] script from the pro-sync plugin.