Microsoft Windows Support Diagnostic Tool (MSDT) is a legacy service in Windows allowing a technician to analyze diagnostic data remotely.
In April 2022 it was observed to have a security vulnerability that allowed remote code execution. Microsoft recommended that it be disabled until patched, and the MSDT platform has since been marked for decommission in 2025.
Microsoft's recommended action is to disable the registry key allowing the use of the MSDT URL protocol. This should be done for any host running Windows Server 2019 and Windows 10 version 1809 or later (earlier distributions are not affected by this vulnerability).
As per Microsoft's guidance for CVE-2022-30190, the registry key can be disabled by running the following commands:
Step 1
Open the Command Prompt as Administrator.
Step 2
Back up the registry key by executing the command
reg export HKEY_CLASSES_ROOT\ms-msdt [filename]
Step 3
Keep your file [filename] safe
Step 4
Delete the registry key by executing the command
reg delete HKEY_CLASSES_ROOT\ms-msdt /f
Step 5
Once this vulnerability has been addressed by a Microsoft patch, this workaround can then be reversed by the following commands.
reg import [filename]
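The steps above can be scripted so that the key is deleted only after the backup has been confirmed on disk. The following PowerShell is an added example, not code from Microsoft or Field Effect; the default backup location in $BackupPath is an assumption and should be changed to suit your environment.

```powershell
# Added example: apply the ms-msdt workaround only after a verified backup.
# $BackupPath is an assumed location, not one taken from the guidance.
param(
    [string]$BackupPath = "$env:SystemDrive\msdt-backup\ms-msdt_$env:COMPUTERNAME.reg"
)

$KeyReg = 'HKEY_CLASSES_ROOT\ms-msdt'   # key named in the steps above
$KeyPs  = "Registry::$KeyReg"           # same key through the registry provider

# Step 1: the commands need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) session.'
}

# Nothing to do if the key is already gone (workaround applied earlier).
if (-not (Test-Path -LiteralPath $KeyPs)) {
    Write-Output "$KeyReg is not present; the workaround is already in place."
    return
}

# Step 2: export the key, then confirm the file exists and is not empty.
$backupDir = Split-Path -Parent $BackupPath
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
& reg.exe export $KeyReg $BackupPath /y | Out-Null
$exportFailed = ($LASTEXITCODE -ne 0) -or
                (-not (Test-Path -LiteralPath $BackupPath)) -or
                ((Get-Item -LiteralPath $BackupPath).Length -eq 0)
if ($exportFailed) {
    throw "Backup to $BackupPath failed; the key was NOT deleted."
}

# Step 4: delete the key and confirm it is no longer present.
& reg.exe delete $KeyReg /f | Out-Null
if (($LASTEXITCODE -ne 0) -or (Test-Path -LiteralPath $KeyPs)) {
    throw "Deleting $KeyReg failed; the host is still exposed to the ms-msdt handler."
}

Write-Output "Removed $KeyReg. Backup saved to $BackupPath."
Write-Output "To reverse later: reg import `"$BackupPath`""
```

Running the script a second time reports that the key is absent and leaves the existing backup file untouched.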
In addition to this workaround, detections have been added to Field Effect monitoring for exploitation techniques targeting CVE-2022-30190. Microsoft has also reported adding detections to Windows Defender, which Field Effect will also leverage.