Security News > 2022 > May > Microsoft shares mitigation for Office zero-day exploited in attacks
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.
The bug is a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.
"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application," Microsoft explains.
Execute the command "Reg delete HKEY CLASSES ROOTms-msdt /f". After Microsoft releases a CVE-2022-30190 patch, you can undo the workaround by launching an elevated command prompt and executing the reg import filename command.
C. While Microsoft says that Microsoft Office's Protected View and Application Guard would block CVE-2022-30190 attacks, CERT/CC vulnerability analyst Will Dormann found that the security feature will not block exploitation attempts if the target previews the malicious documents in Windows Explorer.
According to Shadow Chaser Group's crazyman, the researchers who first spotted and reported the zero-day in April, Microsoft first tagged the flaw as not a "Security-related issue." Still, it later closed the vulnerability submission report with a remote code execution impact.
News URL
Related news
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 0.0 |