Article 5ZVEC Code execution 0-day in Windows has been under active exploit for 7 weeks

by
Dan Goodin
from Ars Technica - All content on (#5ZVEC)
A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products.

The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

Uh, nevermind

On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/