CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVSS 7.8 · High | KEV · Ransomware | EPSS 93.60% · P100

I. Basic Information for CVE-2022-30190

Vulnerability Information

Vulnerability Title
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows Support Diagnostic Tool OS Command Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows Support Diagnostic Tool is a tool from Microsoft (USA) that collects information to send to Microsoft Support. An operating system command injection vulnerability exists in Microsoft Windows Support Diagnostic Tool (MSDT). The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Microsoft | Windows 10 Version 1809 | 10.0.17763.0 ~ 10.0.17763.3046 | -
Microsoft | Windows 10 Version 1809 | 10.0.0 ~ 10.0.17763.3046 | -
Microsoft | Windows Server 2019 | 10.0.17763.0 ~ 10.0.17763.3046 | -
Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0 ~ 10.0.17763.3046 | -
Microsoft | Windows 10 Version 21H1 | 10.0.0 ~ 10.0.19043.1766 | -
Microsoft | Windows Server 2022 | 10.0.20348.0 ~ 10.0.20348.770 | -
Microsoft | Windows 10 Version 20H2 | 10.0.0 ~ 10.0.19042.1766 | -
Microsoft | Windows Server version 20H2 | 10.0.0 ~ 10.0.19042.1766 | -
Microsoft | Windows 11 version 21H2 | 10.0.0 ~ 10.0.22000.739 | -
Microsoft | Windows 10 Version 21H2 | 10.0.19043.0 ~ 10.0.19044.1766 | -
Microsoft | Windows 10 Version 1507 | 10.0.10240.0 ~ 10.0.10240.19325 | -
Microsoft | Windows 10 Version 1607 | 10.0.14393.0 ~ 10.0.14393.5192 | -
Microsoft | Windows Server 2016 | 10.0.14393.0 ~ 10.0.14393.5192 | -
Microsoft | Windows Server 2016 (Server Core installation) | 10.0.14393.0 ~ 10.0.14393.5192 | -
Microsoft | Windows 7 | 6.1.0 ~ 6.1.7601.25984 | -
Microsoft | Windows 7 Service Pack 1 | 6.1.0 ~ 6.1.7601.25984 | -
Microsoft | Windows 8.1 | 6.3.0 ~ 6.3.9600.20402 | -
Microsoft | Windows Server 2008 R2 Service Pack 1 | 6.1.7601.0 ~ 6.1.7601.25984 | -
Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) | 6.1.7601.0 ~ 6.1.7601.25984 | -
Microsoft | Windows Server 2012 | 6.2.9200.0 ~ 6.2.9200.23736 | -
Microsoft | Windows Server 2012 (Server Core installation) | 6.2.9200.0 ~ 6.2.9200.23736 | -
Microsoft | Windows Server 2012 R2 | 6.3.9600.0 ~ 6.3.9600.20402 | -
Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.9600.0 ~ 6.3.9600.20402 | -

II. Public POCs for CVE-2022-30190

# | POC Description | Source Link
1 | CVE-2022-30190 (Exploit Microsoft) | https://github.com/flux10n/CVE-2022-30190
2 | POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina | https://github.com/JMousqueton/PoC-CVE-2022-30190
3 | CVE-2022-30190 | https://github.com/zkl21hoang/msdt-follina-office-rce
4 | CVE-2022-30190 Follina POC | https://github.com/onecloudemoji/CVE-2022-30190
5 | None | https://github.com/2867a0/CVE-2022-30190
6 | Microsoft Office Word RCE reproduction (CVE-2022-30190) | https://github.com/doocop/CVE-2022-30190
7 | This Repository Talks about the Follina MSDT from Defender Perspective | https://github.com/archanchoudhury/MSDT_CVE-2022-30190
8 | Aka Follina = benign POC. | https://github.com/rickhenderson/cve-2022-30190
9 | Picking up processes that have triggered ASR related to CVE-2022-30190 | https://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-Pickup
10 | CVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT | https://github.com/kdk2933/msdt-CVE-2022-30190
11 | Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190. | https://github.com/sentinelblue/CVE-2022-30190
12 | None | https://github.com/aymankhder/MSDT_CVE-2022-30190-follina-
13 | CVE-2022-30190 remediation via removal of ms-msdt from Windows registry | https://github.com/PaddlingCode/cve-2022-30190
14 | Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go | https://github.com/dwisiswant0/gollina
15 | None | https://github.com/hscorpion/CVE-2022-30190
16 | Just another PoC for the new MSDT-Exploit | https://github.com/drgreenthumb93/CVE-2022-30190-follina
17 | None | https://github.com/mitespsoc/CVE-2022-30190-POC
18 | None | https://github.com/Vaisakhkm2625/MSDT-0-Day-CVE-2022-30190-Poc
19 | An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft | https://github.com/rouben/CVE-2022-30190-NSIS
20 | Removes the ability for MSDT to run, in response to CVE-2022-30190 (Follina) | https://github.com/Cosmo121/Follina-Remediation
21 | CVE-2022-30190 or "Follina" 0day proof of concept | https://github.com/rayorole/CVE-2022-30190
22 | Proof of concept for MSDT-Follina - CVE-2022-30190. Verification of the effectiveness of Microsoft Defender in the latest Windows 10 version at the time. | https://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190
23 | MS-MSDT Follina CVE-2022-30190 PoC document generator | https://github.com/sudoaza/CVE-2022-30190
24 | MSDT protocol disabler (CVE-2022-30190 patch tool) | https://github.com/gamingwithevets/msdt-disable
25 | A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) | https://github.com/ErrorNoInternet/FollinaScanner
26 | None | https://github.com/ITMarcin2211/CVE-2022-30190
27 | Mitigates the "Folina"-ZeroDay (CVE-2022-30190) | https://github.com/derco0n/mitigate-folina
28 | Modified version of CVE-2022-30190-follina.py; allows customizing the Word template, convenient for phishing in real-world engagements. | https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed
29 | None | https://github.com/gyaansastra/CVE-2022-30190
30 | None | https://github.com/swaiist/CVE-2022-30190-Fix
31 | The CVE-2022-30190-follina Workarounds Patch | https://github.com/suenerve/CVE-2022-30190-Follina-Patch
32 | PDQ Package I created for CVE-2022-30190 | https://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-package
33 | Simple Follina poc exploit | https://github.com/WesyHub/CVE-2022-30190---Follina---Poc-Exploit
34 | CVE-2022-30190: MS-MSDT Follina One Click | https://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina
35 | A very simple MSDT "Follina" exploit **patched** | https://github.com/arozx/CVE-2022-30190
36 | All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps such as Word. This is a very simple POC, feel free to check the sources below for more threat intelligence. | https://github.com/Noxtal/follina
37 | This is to patch CVE-2022-30190. Use at your own risk. | https://github.com/droidrzrlover/CVE-2022-30190
38 | Powershell script to mitigate cve-2022-30190 | https://github.com/hilt86/cve-2022-30190-mitigate
39 | Follina POC by John Hammond | https://github.com/SrikeshMaharaj/CVE-2022-30190
40 | None | https://github.com/DerZiad/CVE-2022-30190
41 | None | https://github.com/tej7gandhi/CVE-2022-30190-Zero-Click-Zero-Day-in-msdt
42 | None | https://github.com/ItsNee/Follina-CVE-2022-30190-POC
43 | Microsoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 Attack Vector | https://github.com/IamVSM/msdt-follina
44 | Disabling the MSDT URL protocol (CVE-2022-30190) with error and exit code handling for mass deployment | https://github.com/Rojacur/FollinaPatcherCLI
45 | Microsoft Support Diagnostic Tool (CVE-2022-30190) | https://github.com/joshuavanderpoll/CVE-2022-30190
46 | Notes related to CVE-2022-30190 | https://github.com/abhirules27/Follina
47 | Server to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190) | https://github.com/dsibilio/follina-spring
48 | Proof of Concept of CVE-2022-30190 | https://github.com/Malwareman007/Deathnote
49 | None | https://github.com/sentrium-security/Follina-Workaround-CVE-2022-30190
50 | Exploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190) | https://github.com/Hrishikesh7665/Follina_Exploiter_CLI
51 | Repository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks. | https://github.com/b401/Clickstudio-compromised-certificate
52 | Mitigation for CVE-2022-30190 | https://github.com/k508/CVE-2022-30190
53 | proof of concept to CVE-2022-30190 (follina) | https://github.com/amitniz/follina_cve_2022-30190
54 | this is my simple article about CVE 2022-30190 (Follina) analysis. I use the lab from Letsdefend. | https://github.com/Abdibimantara/CVE-2022-30190-Analysis-With-LetsDefends-Lab
55 | These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix
56 | These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code
57 | An Unofficial Patch Follina CVE-2022-30190 (patch) by Microsoft Guidelines. | https://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patch
58 | CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina | https://github.com/nanaao/PicusSecurity4.Week.Repo
59 | Python file scanner created in 2021 scanning for known and potential vulns | https://github.com/XxToxicScriptxX/CVE-2022-30190
60 | None | https://github.com/ernestak/CVE-2022-30190
61 | None | https://github.com/ernestak/Sigma-Rule-for-CVE-2022-30190
62 | Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files | https://github.com/MalwareTech/FollinaExtractor
63 | None | https://github.com/notherealhazard/follina-CVE-2022-30190
64 | follina zero day vulnerability to help Microsoft to mitigate the attack | https://github.com/Cerebrovinny/follina-CVE-2022-30190
65 | Educational Follina PoC Tool | https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
66 | Follina (CVE-2022-30190) proof-of-concept | https://github.com/Lucaskrell/go_follina
67 | This is exploit of CVE-2022-30190 on PowerPoint. | https://github.com/Gra3s/CVE-2022-30190_EXP_PowerPoint
68 | Detection and Remediation of the Follina MSDT Vulnerability (CVE-2022-30190) | https://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-
69 | A Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense. | https://github.com/jeffreybxu/five-nights-at-follina-s
70 | A proof of concept for CVE-2022-30190 (Follina). | https://github.com/winstxnhdw/CVE-2022-30190
71 | this is a demo attack of FOLLINA exploit, a vulnerability that has been discovered in May 2022 and stood unpatched until June 2022 | https://github.com/Imeneallouche/Follina-attack-CVE-2022-30190-
72 | Implementation of CVE-2022-30190 in C | https://github.com/mattjmillner/CVE-Smackdown
73 | A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also known as 'Follina' CVE-2022-30190. | https://github.com/0xAbbarhSF/FollinaXploit
74 | None | https://github.com/michealadams30/Cve-2022-30190
75 | CVE-2022-30190(follina) | https://github.com/melting0256/Enterprise-Cybersecurity
76 | None | https://github.com/yrkuo/CVE-2022-30190
77 | Implementation of FOLLINA-CVE-2022-30190 | https://github.com/ToxicEnvelope/FOLLINA-CVE-2022-30190
78 | An exploitation of CVE-2022-30190 (Follina) | https://github.com/meowhua15/CVE-2022-30190
79 | Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It's a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks. | https://github.com/aminetitrofine/CVE-2022-30190
80 | None | https://github.com/Muhammad-Ali007/Follina_MSDT_CVE-2022-30190
81 | An automated attack chain based on CVE-2022-30190, 163 email backdoor, and image steganography. | https://github.com/Jump-Wang-111/AmzWord
82 | A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190) | https://github.com/shri142/ZipScan
83 | CVE-2022-30190: MS-MSDT Follina One Click | https://github.com/0xflagplz/MS-MSDT-Office-RCE-Follina
84 | The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the John Hammond link | https://github.com/alien-keric/CVE-2022-30190
85 | For learning purpose did a complete analysis on CVE-2022-30190 "Follina" POC | https://github.com/skitkat/CVE-2022-30190-POC
86 | Educational Follina PoC Tool | https://github.com/Captain404/Follina-CVE-2022-30190-PoC-sample
87 | An exploitation of CVE-2022-30190 (Follina) | https://github.com/hycheng15/CVE-2022-30190
88 | CVE-2022-30190 Proof-Of-Concept | https://github.com/madbaiu/CVE-2022-30190
89 | Follina (CVE-2022-30190) proof-of-concept | https://github.com/Zitchev/go_follina
90 | Educational Follina PoC Tool | https://github.com/Nyx2022/Follina-CVE-2022-30190-Sample
91 | PoC of CVE-2022-30190 | https://github.com/Potato-9257/CVE-2022-30190_page
92 | Project on CVE-2022-30190 exploitation and mitigation strategies | https://github.com/yeep1115/ICT287_CVE-2022-30190_Exploit
93 | CVE-2022-30190 | https://github.com/0x7a6b4c/msdt-follina-office-rce
94 | These are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix
95 | These are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina) | https://github.com/JotaQC/CVE-2022-30190_Temporary_Fix_Source_Code
96 | Project Repository for Exploitation, Detection and Mitigation of Folina Vulnerability (CVE-2022-30190) | https://github.com/RathoreAbhiii/Folina-Vulnerability-Exploitation-Detection-and-Mitigation
97 | Mitigation for CVE-2022-30190 | https://github.com/cyberdashy/CVE-2022-30190
98 | A Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also known as 'Follina' CVE-2022-30190. | https://github.com/ar2o3/FollinaXploit
99 | Exploration of the Follina (CVE-2022-30190) Microsoft Office vulnerability, including a detailed analysis, proof-of-concept exploitation in a controlled lab, and mitigation strategies. For educational and research purposes only. | https://github.com/seinab-ibrahim/Follina-Vulnerability-CVE-2022-30190-Exploit-Analysis
100 | We are presented with a security alert indicating the detection of the Follina (CVE-2022-30190) vulnerability. A malicious Word document triggered msdt.exe execution, suggesting possible remote code execution on the host JonasPRD. Our task is to investigate the alert, confirm exploitation, assess impact, and recommend remediation. | https://github.com/Arkha-Corvus/LetsDefend-SOC173-Follina-0-Day-Detected
101 | The script is from https://github.com/JohnHammond/msdt-follina, just make it simple for me to use it and this script aim at generating the payload for more information refer the John Hammond link | https://github.com/alienkeric/CVE-2022-30190
102 | None | https://github.com/nimesh895/Malware-Analysis-Follina-CVE-2022-30190
III. Intelligence Information for CVE-2022-30190

Same Patch Batch · Microsoft · 2022-06-01 · 4 CVEs total

CVE-2022-30127 | 8.3 HIGH | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-30128 | 8.3 HIGH | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-26905 | 4.3 MEDIUM | Microsoft Edge (Chromium-based) Spoofing Vulnerability

IV. Related Vulnerabilities
