ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS
Microsoft Windows Support Diagnostic Tool Vulnerability
What Is It?
CU*Answers Network Services is tracking a recently announced security vulnerability in which the Microsoft Windows Support Diagnostic Tool can be used to execute arbitrary code with the privileges of another application, such as Microsoft Word.
How Does It Work?
The primary method of exploiting this vulnerability is through email phishing attacks. Bad actors will send an email attempting to dupe the recipient into opening or previewing an attachment with malicious content embedded in the file. If the file is opened or accessed via the preview function, the attacker could install programs; view, change, or delete data; or create new accounts in the context allowed by the user’s rights.
Successful exploitation of this vulnerability requires users to take an action on their computer, so training your users not to click on links, open unexpected attachments, or install software on their computers is your best first line of defense.
What Is Microsoft Doing About It?
Microsoft has released a workaround that disables built-in Windows functionality involving the Microsoft Support Diagnostic Tool. This will break the ability to launch troubleshooting tools via links within the operating system. Please refer to the Microsoft Security Response Center article for more details: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center.
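The following PowerShell script is an added example, not a script from CU*Answers or Microsoft. It reports whether the workaround is in place on a computer and, when run with -Apply, backs up the setting and applies it. It assumes the workaround is the one in Microsoft's CVE-2022-30190 guidance (removing the HKEY_CLASSES_ROOT\ms-msdt URL protocol key after exporting a backup); the backup folder and function name are hypothetical.

```powershell
# Added example: audit (and optionally apply) the MSDT URL protocol workaround.
# Assumption: the workaround removes the ms-msdt URL protocol handler key,
# as described in Microsoft's guidance for CVE-2022-30190.
param(
    [switch]$Apply,                                        # without -Apply the script only reports
    [string]$BackupDir = "$env:ProgramData\msdt-backup"    # hypothetical backup location
)

$regKey = 'HKEY_CLASSES_ROOT\ms-msdt'
$psPath = "Registry::$regKey"

function Get-MsdtHandlerState {
    # 'Registered' while the handler key exists, 'Removed' once the workaround is in place.
    if (Test-Path -LiteralPath $psPath) { 'Registered' } else { 'Removed' }
}

$state = Get-MsdtHandlerState
Write-Output "$env:COMPUTERNAME ms-msdt handler: $state"

if ($Apply -and $state -eq 'Registered') {
    # Changing HKEY_CLASSES_ROOT requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated session to change HKEY_CLASSES_ROOT.'
    }

    # Export the key first so the functionality can be restored later.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $name   = 'ms-msdt-{0}-{1:yyyyMMddHHmmss}.reg' -f $env:COMPUTERNAME, (Get-Date)
    $backup = Join-Path $BackupDir $name
    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw 'Backup failed; registry left unchanged.'
    }

    # Remove the handler only after the backup has been confirmed on disk.
    & reg.exe delete $regKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg delete failed with exit code $LASTEXITCODE" }

    Write-Output "Backup written to: $backup"
    Write-Output "ms-msdt handler now: $(Get-MsdtHandlerState)"
    # To undo the workaround later: reg import <backup file>
}
```

Run without parameters, the script changes nothing and can be used to inventory which computers still have the handler registered.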
What Can You Do About It?
As mentioned, your best course of action is to educate and frequently remind your users not to fall victim to phishing attacks. Do not let users operate with local administrator rights. Keep your anti-virus software up to date, and use your firewall to restrict outbound access to the Internet to only those sites required to run your business.
Implementing Microsoft’s Mitigation Steps:
CNS can implement Microsoft’s documented workarounds on your network if requested by you, but we will not be making these changes proactively, due to the need to modify each computer’s registry settings as well as remove built-in Windows functionality of the Windows Explorer program.
If you would like to proceed with these workaround steps, please contact the Help Desk to open a ticket for this work. In the ticket request, please reference “CVE-2022-30190 Mitigation Steps” so that we can track the work we will do on your network.
CNS will assess our normal hourly fee on a time and material basis for implementing Microsoft’s recommended mitigation steps and troubleshooting any issues that occur due to the implementation. However, it is important that you communicate the reduced functionality with your staff prior to work being done.
If you have questions or concerns, please contact the Help Desk at extension 266, or by email.