CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
A remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT) was discovered this week.
Linked at the bottom of this article is a new Health Check that our Endpoint Health customers can import and use to detect and remediate this vulnerability.
To import the .obex file from the zip download, open the Object Export-Import Perspective under Misc in the Workbench. Then select Import Objects on the right, browse to the .obex file and open it, and select Import at the bottom right of the import form.
Next, go back to the Home Perspective and, again under Misc, open the Workflow Designer Perspective. The Health Check and Remediation Workflows, HealthCheck - Disable MSDT and Remediation - Disable MSDT, will be found in the Workflow Explorer on the right, under a Custom directory.
A note on the Remediation Workflow: it takes 2 actions, first backing up the registry key and then deleting the registry key. If you would prefer that it not fail on the backup and only fail if the registry key deletion fails, open the Remediation WF and, in CopySuccess False2, change the resultboolean to true.
Whether you made a change to the WFs or not, each will need to be deployed. To do so, right-click each of the workflows and select Deploy. A form will pop up for you to check a box to Enable Logging and then select OK.
After this, you are ready to add the new health check to a health check policy targeted at your Windows devices. The health check will be found in a directory called Custom in your Health Check Explorer.
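For reference, the check and the two remediation actions described above (back up the registry key, then delete it) can be sketched in PowerShell. This is an added example, not the vendor's workflow or code from this article. It assumes the key is HKEY_CLASSES_ROOT\ms-msdt, the key named in Microsoft's published workaround for this CVE; the backup directory and the -IgnoreBackupFailure switch are hypothetical names.

```powershell
# Added example; not the vendor's workflow. Run from an elevated session.
# Assumption: the key is HKEY_CLASSES_ROOT\ms-msdt (Microsoft's published workaround).
param(
    [string]$BackupDir = "$env:ProgramData\MsdtBackup",  # hypothetical backup location
    [switch]$IgnoreBackupFailure                         # hypothetical: do not fail on the backup step
)

$regKey = 'HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtHandler {
    # Health check: the protocol handler is registered if the key can be queried.
    & reg.exe query $regKey *> $null
    return ($LASTEXITCODE -eq 0)
}

if (-not (Test-MsdtHandler)) {
    Write-Output 'Compliant: ms-msdt protocol handler is not registered.'
    exit 0
}

# Action 1: back up the key so it can be restored later with "reg import <file>".
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backupFile = Join-Path $BackupDir ("ms-msdt_{0:yyyyMMdd_HHmmss}.reg" -f (Get-Date))
& reg.exe export $regKey $backupFile /y *> $null
$backupOk = ($LASTEXITCODE -eq 0) -and (Test-Path $backupFile) -and
            ((Get-Item $backupFile).Length -gt 0)

if (-not $backupOk -and -not $IgnoreBackupFailure) {
    Write-Error "Backup of $regKey failed; key left in place."
    exit 1
}

# Action 2: delete the key, then re-run the health check to confirm it is gone.
& reg.exe delete $regKey /f *> $null
if ($LASTEXITCODE -ne 0 -or (Test-MsdtHandler)) {
    Write-Error "Delete of $regKey failed; the ms-msdt handler is still registered."
    exit 2
}

Write-Output "Remediated: $regKey deleted (backup ok: $backupOk, file: $backupFile)."
exit 0
```

The distinct exit codes separate a backup failure from a delete failure, which is the distinction the CopySuccess False2 setting controls in the Remediation Workflow.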