There was a recently published exploit using URIs to open MSDT and execute arbitrary code. Microsoft's suggestion was to delete the registry key corresponding to the ms-msdt:// protocol.
Unfortunately, this still leaves MSDT active and presumably exploitable via other routes. Personally, I have never used MSDT, nor would I ever need to. Searching how to disable MSDT (results filtered to before May 1, 2022) gave me this result on how to disable MSDT from communicating with Microsoft:
Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\
Value Name: DisableQueryRemoteServer
Type: REG_DWORD
Value: 0
However, I didn't find any further results. Is there a way to disable MSDT entirely? Would simply deleting msdt.exe in C:\Windows\System32 actually impact the system's stability?
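A read-only check of the three items the question mentions (the ms-msdt:// handler, the DisableQueryRemoteServer policy value, and msdt.exe itself), added here as an example and not part of the original post. It assumes the protocol handler is registered under HKEY_CLASSES_ROOT\ms-msdt; the function name Get-MsdtExposure is hypothetical.

```powershell
# Added example: reports the current state only, changes nothing on the system.
# Assumption: the ms-msdt:// handler lives under HKEY_CLASSES_ROOT\ms-msdt.
function Get-MsdtExposure {
    [CmdletBinding()]
    param(
        [string]$HandlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt',
        [string]$PolicyKey  = 'HKLM:\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy',
        [string]$BinaryPath = (Join-Path $env:SystemRoot 'System32\msdt.exe')
    )

    # Is the URI scheme still registered? If the key is gone, the
    # ms-msdt:// protocol no longer has a handler entry.
    $handlerPresent = Test-Path -LiteralPath $HandlerKey

    # Policy value quoted in the question; $null when the key or value is unset.
    $policyValue = $null
    if (Test-Path -LiteralPath $PolicyKey) {
        $prop = Get-ItemProperty -LiteralPath $PolicyKey `
                    -Name 'DisableQueryRemoteServer' -ErrorAction SilentlyContinue
        if ($prop) { $policyValue = $prop.DisableQueryRemoteServer }
    }

    # The binary itself: removing the handler key leaves this file in place.
    $binaryPresent = Test-Path -LiteralPath $BinaryPath -PathType Leaf
    $binaryVersion = $null
    if ($binaryPresent) {
        $binaryVersion = (Get-Item -LiteralPath $BinaryPath).VersionInfo.FileVersion
    }

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        ProtocolHandlerRegistered = $handlerPresent
        DisableQueryRemoteServer  = $policyValue
        MsdtBinaryPresent         = $binaryPresent
        MsdtBinaryVersion         = $binaryVersion
    }
}

Get-MsdtExposure | Format-List
```

Running it before and after a change shows whether only the URI handler was removed while msdt.exe remains on disk.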