Microsoft Security is warning users of a zero-day vulnerability that was initially found in April. Known as “One Click”, the flaw has already been exploited in attacks against organizations. Microsoft is now issuing a workaround to help users avoid the bug.
The vulnerability is described as a remote code execution (RCE) bug and is tracked as CVE-2022-3019. The flaw is found in the Microsoft Support Diagnostic Tool (MSDT). Yes, this is a service that gathers information about bugs and reports them to Microsoft Support, which makes this flaw about as ironic as it gets.
If a threat actor successfully exploits the vulnerability, they can change data, delete files, view information, create new accounts, install programs and more.
“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word,” the company says in its guidance on the Microsoft Security Response Center. “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.”
The One Click vulnerability was discovered by researchers with the Shadow Chaser Group. That was back on April 12, which means the flaw has been left unfixed for over six weeks. Attackers have already used an exploit of the bug to attack users in Russia.
At first, Microsoft did not believe the vulnerability was a problem. However, the company has since changed its stance and is urging customers to follow its workaround, at least until Microsoft is able to issue a fix.
Microsoft Security tells users to disable the MSDT URL protocol, which prevents the flaw from being triggered. Specifically, disabling the URL “prevents troubleshooters being launched as links including links throughout the operating system”.
This can be done by following these steps:
Run Command Prompt as Administrator.
Back up the registry key with the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
“Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters,” the company adds.
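The three workaround steps above can be scripted so that the key is deleted only after the backup is confirmed on disk. This is an added example, not Microsoft's own script; the `$BackupDir` path and the backup file naming are assumptions, and it must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the MSDT URL protocol workaround with a verified backup.
param(
    # Hypothetical backup location (assumption); change to suit your environment.
    [string]$BackupDir = 'C:\RegBackups'
)

$Key     = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath = "Registry::$Key"      # same key, addressed through the registry provider

# Nothing to do if the protocol handler is already absent.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "$Key is not present; the workaround is already in place."
    return
}

# Back up the key to a timestamped .reg file (reg export, as in the guidance).
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Backup = Join-Path $BackupDir ("ms-msdt_{0}_{1:yyyyMMdd-HHmmss}.reg" -f $env:COMPUTERNAME, (Get-Date))
& reg.exe export $Key $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $Backup) -or
    (Get-Item -LiteralPath $Backup).Length -eq 0) {
    throw "Backup of $Key failed; the key was left untouched."
}

# Delete the key only once the backup file exists and is non-empty.
& reg.exe delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg delete failed for $Key (exit code $LASTEXITCODE)."
}

# Confirm the handler is gone so ms-msdt links can no longer launch MSDT.
if (Test-Path -LiteralPath $KeyPath) {
    throw "$Key is still present after deletion."
}

Write-Output "Workaround applied. Backup saved to $Backup"
Write-Output "To undo once a fix is installed: reg import `"$Backup`""
```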