Code Execution 0-day in Windows Has Been Under Active Exploit for 7 Weeks
upstart writes:
Code execution 0-day in Windows has been under active exploit for 7 weeks:
A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.
The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.
On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," the advisory stated. "An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights."
Read more of this story at SoylentNews.