TLP Rating: White
Vulnerability in the Microsoft Support Diagnostic Tool (MSDT).
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
On the 31st May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). CERT Vanuatu has received an advisory on this threat from its collaborating partners, the Australian Cyber Security Centre (ACSC) and the United States Cybersecurity and Infrastructure Security Agency (CISA).
CERTVU advises its constituents using Microsoft products to act swiftly to address this threat. Since it is a 'zero-day' threat, there is no patch available to date; however, it is important to take note of the mitigation process below.
References
- https://www.cyber.gov.au/acsc/view-all-content/alerts/exploitation-microsoft-office-vulnerability-follina
- https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
- https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
- Download advisory (English): Vulnerability in the Microsoft Support Diagnostic Tool (MSDT)
- Download advisory (French): Vulnérabilité dans l'outil de diagnostic du support Microsoft (MSDT).
- Download (Bislama): Vulnerabiliti long Microsoft Support Diagnostic Tool (MSDT).