Aug 2022: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2022-34713 Published on August 9, 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Known Exploited Vulnerability
This Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
The following remediation steps are recommended / required by August 30, 2022: Apply updates per vendor instructions.
Products Associated with CVE-2022-34713
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-34713 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.3287 is affected.
- Version 10.0.0 and below 10.0.17763.3287 is affected.
- Version 10.0.17763.0 and below 10.0.17763.3287 is affected.
- Version 10.0.17763.0 and below 10.0.17763.3287 is affected.
- Version 10.0.0 and below 10.0.19043.1889 is affected.
- Version 10.0.20348.0 and below 10.0.20348.887 is affected.
- Version 10.0.0 and below 10.0.19042.1889 is affected.
- Version 10.0.0 and below 10.0.19042.1889 is affected.
- Version 10.0.0 and below 10.0.22000.856 is affected.
- Version 10.0.19043.0 and below 10.0.19044.1889 is affected.
- Version 10.0.10240.0 and below 10.0.10240.19387 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5291 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5291 is affected.
- Version 10.0.14393.0 and below 10.0.14393.5291 is affected.
- Version 6.1.0 and below 6.1.7601.26065 is affected.
- Version 6.1.0 and below 6.1.7601.26065 is affected.
- Version 6.3.0 and below 6.3.9600.20520 is affected.
- Version 6.1.7601.0 and below 6.1.7601.26065 is affected.
- Version 6.1.7601.0 and below 6.1.7601.26065 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23817 is affected.
- Version 6.2.9200.0 and below 6.2.9200.23817 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20520 is affected.
- Version 6.3.9600.0 and below 6.3.9600.20520 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.