CVE-2022-30190β€”Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2022-06-14 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2022-30190
Project:
Microsoft
Product:
Windows
Date Added:
2022-06-14
Due Date:
2022-07-05
Last Updated:
June 21, 2025

Vulnerability Name

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses