Microsoft Office Follina Attack

A vulnerability has been identified in the Microsoft Windows Support Diagnostic Tool (MSDT) that is reachable via Microsoft Office. It is tracked as CVE-2022-30190: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

From Microsoft: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

Our security team is deploying the Microsoft-recommended guidance, which involves disabling the MSDT URL protocol, as it is typically not used day-to-day.
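One way to audit a host and apply that mitigation, shown as an added example that is not part of the original post or Microsoft's own script. It assumes the protocol handler is registered at `HKEY_CLASSES_ROOT\ms-msdt`; the backup directory and the exit codes are hypothetical choices.

```powershell
# Added example: audit, back up, then remove the ms-msdt URL protocol handler.
# Assumption: the handler is registered at HKEY_CLASSES_ROOT\ms-msdt.
# Run elevated. Without -Remove the script only reports the host's state.
[CmdletBinding()]
param(
    [string]$BackupDir = (Join-Path $env:ProgramData 'msdt-backup'),  # hypothetical location
    [switch]$Remove
)

$nativeKey = 'HKEY_CLASSES_ROOT\ms-msdt'
$psKey     = "Registry::$nativeKey"

if (-not (Test-Path -LiteralPath $psKey)) {
    Write-Output ('{0}: ms-msdt handler absent, URL protocol already disabled' -f $env:COMPUTERNAME)
    exit 0
}

# Record what the handler would launch, for the audit trail.
$cmdItem = Get-Item -LiteralPath "$psKey\shell\open\command" -ErrorAction SilentlyContinue
$command = if ($cmdItem) { $cmdItem.GetValue('') } else { '<no open command>' }
Write-Output ('{0}: ms-msdt handler PRESENT -> {1}' -f $env:COMPUTERNAME, $command)

# Audit-only mode: non-zero exit so management tooling can flag the host.
if (-not $Remove) { exit 1 }

# Export first so the key can be restored later with "reg import".
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('ms-msdt_{0}.reg' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
& reg.exe export $nativeKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    Write-Error 'Backup failed; key left in place.'
    exit 2
}

# Remove the handler, then verify that it is really gone.
& reg.exe delete $nativeKey /f | Out-Null
if ($LASTEXITCODE -ne 0 -or (Test-Path -LiteralPath $psKey)) {
    Write-Error 'Delete failed; handler is still registered.'
    exit 3
}

Write-Output ('{0}: handler removed, backup at {1}' -f $env:COMPUTERNAME, $backup)
exit 0
```

Running it without `-Remove` gives a read-only inventory of which hosts still expose the protocol; the exported `.reg` file allows the handler to be restored once the vendor patch is installed.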

Customers with managed security services, monitoring and patching services will be scanned and patched for this vulnerability. If you have any questions, please reach out to us.

Huntress Blog (Technical): https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Sean Maguire