Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain, but customers are unable to add new posts or comment on existing ones. Please feel free to join our Community Discord for any questions and discussions.

CVE-2022-30190 Office MSDT Zero Day Fix w/ PDQ

Just wanted to say PDQ is awesome. 

I was able to leverage PDQ to fix the recent zero day MSDT MS Office with a few simple steps. I thought I would share my process that doesn't require any fancy scripting.

CVE Details:

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ 

  1. Deploy, Created a new Package
  2. Step 1 Created the backup directory "mkdir -p C:\Backup"
  3. Step 1 Export the msdt.reg key "reg export HKCR\ms-msdt C:\Backup\msdt.reg /y"
  4. Step 2 Delete the MSDT key "reg delete HKCR\ms-msdt /f"
  5. Step 3 Restore the MSDT key (Disabled, reserved to put it back later if needed) "reg import C:\backup\msdt.reg"

  1. Inventory - Added C:\backup to my standard file scanner
  2. Created a new Dynamic Collection "Needs MSDT CVE-2022-30190 Fix"  (see Screenshot for the filter)
  3. Ran a scheduled task in deploy against the Inventory Dynamic Collection 

 

70% completion in 8 minutes and more running as heartbeat catches them.

2
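
The backup-and-delete steps from the post combined into a single PowerShell step, as an added example that is not part of the original post and not a PDQ-supplied script. It assumes an elevated session and the post's `C:\Backup\msdt.reg` path; it skips machines where the key is already gone and does not delete unless the export succeeded.

```powershell
# Added example: backup-then-delete of the ms-msdt protocol handler key.
# Assumptions: elevated session; backup path mirrors the post (C:\Backup\msdt.reg).
$ErrorActionPreference = 'Stop'
$Key        = 'HKCR\ms-msdt'                          # form used by reg.exe
$PsKey      = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'   # form used by Test-Path
$BackupDir  = 'C:\Backup'
$BackupFile = Join-Path $BackupDir 'msdt.reg'

# Already mitigated: exit 0 so the deployment reports success on reruns.
if (-not (Test-Path -LiteralPath $PsKey)) {
    Write-Output 'ms-msdt key not present; workaround already applied.'
    exit 0
}

# Create the backup directory; -Force makes this a no-op if it exists.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Export the key, then confirm the file exists and is not empty.
& reg.exe export $Key $BackupFile /y | Out-Null
$exportOk = ($LASTEXITCODE -eq 0) -and
            (Test-Path -LiteralPath $BackupFile) -and
            ((Get-Item -LiteralPath $BackupFile).Length -gt 0)
if (-not $exportOk) {
    Write-Output 'Backup of ms-msdt failed; key left in place.'
    exit 1
}

# Delete the key and verify it is really gone.
& reg.exe delete $Key /f | Out-Null
if (($LASTEXITCODE -ne 0) -or (Test-Path -LiteralPath $PsKey)) {
    Write-Output 'Delete of ms-msdt failed.'
    exit 2
}

# To undo later: reg import C:\Backup\msdt.reg
Write-Output "ms-msdt removed; backup saved to $BackupFile"
exit 0
```

The distinct exit codes (1 for a failed backup, 2 for a failed delete) let the deployment results show which stage failed on a given machine.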

Comments

1 comment
  • Hi,

    Yes, PDQ is really awesome!

    Thank you so much for sharing this with the community. I implemented your approach and it worked seamlessly.

    Have a nice day

    0