marsh-wiggle

Microsoft publishes a workaround for the msdt exploit (Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability)

The suggested way is to delete the key Computer\HKEY_CLASSES_ROOT\ms-msdt after backing it up:

To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

I don't know how the registration of handlers like this works.

Question: Wouldn't it be enough to rename the key like: Computer\HKEY_CLASSES_ROOT\ms-msdt__RenameBecause_cve-2022-30190 or would the handler still work regardless of the name?

Why I'm asking this: I would like to prevent registry backups on every machine, which may get lost.


Edit: I agree that it's the best way to follow the Microsoft recommendation. But with hundreds of PCs this way is difficult to implement reliably (not to mention that the registry backups have to be restored at some point).
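The two quoted commands wrapped in a PowerShell script that names the export after the host and deletes the key only once the export file exists. This is an added example, not part of the original post or of Microsoft's guidance; `$BackupRoot` and the file naming are assumptions.

```powershell
# Added example. Run elevated: changing HKEY_CLASSES_ROOT\ms-msdt needs administrator rights.
param(
    # Assumption: replace with a location that is itself backed up (e.g. a central share).
    [string]$BackupRoot = 'C:\RegBackup'
)

$regKey   = 'HKEY_CLASSES_ROOT\ms-msdt'
$psPath   = "Registry::$regKey"
$hostName = $env:COMPUTERNAME
# One file per machine, so exports from many hosts can share one folder.
$outFile  = Join-Path $BackupRoot ("ms-msdt_{0}.reg" -f $hostName)

# Idempotent: a second run on an already-mitigated machine does nothing.
if (-not (Test-Path -LiteralPath $psPath)) {
    Write-Output "[$hostName] $regKey not present, nothing to do"
    return
}

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# Step 1: back up. /y overwrites an older export without prompting.
reg.exe export $regKey $outFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $outFile)) {
    throw "[$hostName] export failed, key left untouched"
}

# Step 2: delete, then confirm the key is really gone.
reg.exe delete $regKey /f | Out-Null
if ($LASTEXITCODE -ne 0 -or (Test-Path -LiteralPath $psPath)) {
    throw "[$hostName] delete failed, $regKey still present"
}

Write-Output "[$hostName] $regKey removed, backup at $outFile"
```

Restoring later is a `reg import` of the per-host file written above.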


Vulnerability / exploit MSDT (CVE-2022-30190) | Is renaming the registry key "ms-msdt" enough for the workaround?
