Your Attention Please

[aviator]

Quote:

On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," the advisory stated. "An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights."
At the time of this story's publication, Microsoft had yet to issue a patch. Instead, it was advising customers to disable the MSDT URL Protocol by:
1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
3. Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
According to analysis by researcher Kevin Beaumont, the document uses Word to retrieve an HTML file from a remote web server. The document then uses the MSProtocol URI scheme to load and execute PowerShell commands

.

China is doing this. either delete the registry key or do not open any Microsoft Office file sent by a unknown entity. This vulnerability can take over your system once the HTML file gets opened by Office.

[RTO]

Thanks for the info. I'm sure MS is on it.

https://www.cisecurity.org/advisory/...ution_2022-074

[aviator]

They have known for a few days now but haven't acted yet. I guess they were working on a patch?

[JD Miller]

Is this something (spam / Junk)sent to your Email ?

[aviator]

Quote:

Originally Posted by JD Miller

Is this something (spam / Junk)sent to your Email ?

It may come as a letter sent by someone in Words format. If you don't know the sender don't open it. I get that stuff all the time, even from "lawyers and title agencies" regarding a closing...be careful.