HTTP: Microsoft Support Diagnostic Tool Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Support Diagnostic Tool. A successful attack can lead to arbitrary code execution.
Extended Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the users rights. Please see theMSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
Affected Products
Microsoft windows_10_1607
Short Name
HTTP:STC:DL:MS-DT-FOLLINA-RCE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-30190 Code Diagnostic Execution Microsoft Remote Support Tool
Release Date
06/02/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3771
False Positive
Unknown
Vendors
Microsoft