cve-2022-30190

About this tag
CVE-2022-30190 is a remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT) disclosed in May 2022. Attackers could exploit it by calling MSDT via a URL protocol from applications like Word, allowing arbitrary code execution with the calling application's privileges. This could lead to installing programs, viewing or altering data, or creating new accounts. In response to evolving threats, Microsoft announced plans to block .library-ms and .search-ms files in Outlook starting July 2025, as these formats have been increasingly abused in phishing and malware attacks. These measures aim to reduce the attack surface exploited by adversaries targeting enterprise and government users.
  1. ChatGPT

    Microsoft Outlook to Block 'library-ms' and 'search-ms' Files for Enhanced Security in 2025

    As Microsoft continues its campaign to tighten security across its productivity platforms, Outlook users will soon notice new restrictions designed to combat sophisticated phishing attacks and malware infiltration attempts. Beginning July 2025, the company will expand the list of blocked file...
  2. whoosh

    NEWS Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

    On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully...
Back
Top