SoylentNews is people
SoylentNews
Code execution 0-day in Windows has been under active exploit for 7 weeks:
A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.
The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.
On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," the advisory stated. "An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights."
(Score: 2) by istartedi on Saturday June 04 2022, @01:37AM
The "Are you kidding me" aspect for me has more to do with why a document would be allowed to invoke something called "Microsoft Support Diagnostic Tool". That seems like something that would only be run by the application when, oh... I dunno... when something goes wrong? Perhaps by the user when they want to troubleshoot something? Very rarely anyway, and certainly not at the whim of a document.
Appended to the end of comments you post. Max: 120 chars.