Per Microsoft's assessment, CVE-2022-30190 is a remote code execution vulnerability. It arises when MSDT is invoked through the URL protocol by a calling application such as MS Word. An attacker who successfully exploits this vulnerability can execute arbitrary code with the privileges of the calling application. This could permit the attacker to install applications, access, modify, or delete data, and even create new user accounts within the scope of the user's permissions.
This simulation plan was created to assess how your organization would respond to a full attack chain that leverages Follina or MalDoc exploits. Step-by-step actions will be posted in updates to this blog post.
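Because the vulnerability is reached when a calling application such as MS Word starts MSDT through its URL protocol, process-creation telemetry is one place to check whether the simulation is seen. The following Python is an added example, not part of the original post: it assumes Sysmon-style process-creation fields (`Image`, `ParentImage`, `CommandLine`), a hypothetical list of Office parent binaries, and constructed sample events.

```python
import ntpath

# Assumption: Office binaries treated as "calling applications"; extend for your estate.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the reasons a process-creation event looks like MSDT abuse."""
    reasons = []
    if basename(event.get("Image")) != "msdt.exe":
        return reasons  # only MSDT launches are of interest here
    parent = basename(event.get("ParentImage"))
    if parent in OFFICE_PARENTS:
        reasons.append(f"msdt.exe spawned by Office application {parent}")
    # ms-msdt is the URL protocol scheme registered for MSDT.
    if "ms-msdt:" in (event.get("CommandLine") or "").lower():
        reasons.append("command line carries an ms-msdt: URL")
    return reasons

def hunt(events):
    """Return (computer, pid, reasons) for every event with at least one reason."""
    return [(e["Computer"], e["ProcessId"], r) for e in events if (r := classify(e))]

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
MSDT = r"C:\Windows\System32\msdt.exe"

# Constructed sample events (not real telemetry); arguments are placeholders.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "ProcessId": 4120, "Image": MSDT, "ParentImage": WORD,
     "CommandLine": "msdt.exe ms-msdt:/id <placeholder>"},
    {"Computer": "WS-02", "ProcessId": 5332, "Image": MSDT,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "msdt.exe /id ExamplePack"},
    {"Computer": "WS-01", "ProcessId": 6010, "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": WORD, "CommandLine": "splwow64.exe 12288"},
    {"Computer": "WS-03", "ProcessId": 7001, "Image": MSDT,
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "msdt.exe MS-MSDT:/id <placeholder>"},
]

if __name__ == "__main__":
    for computer, pid, reasons in hunt(SAMPLE_EVENTS):
        print(f"{computer} pid={pid}: " + "; ".join(reasons))
```

The second check catches callers other than Office, since the post names MS Word only as one example of a calling application.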
Last updated on 23 Aug 2023