On Friday, May 27, security researchers identified malicious documents taking advantage of a new zero-day exploit in Microsoft Windows (CVE-2022-30190). The actively exploited vulnerability exists when Microsoft Windows Support Diagnostic Tool (MSDT) is called using the URL protocol from a calling application, such as Microsoft Word. By sending a specially crafted Word document that calls out to a remote URL and downloads a malicious payload, a threat actor could gain persistence and run arbitrary code with the privileges of the calling application.
Because this attack has been observed being actively exploited, and the ease of exploitation (getting an end user to open a malicious Word document), Microsoft is recommending that customers apply a workaround until a patch can be released.
Details of the vulnerability and Microsoft’s recommended workaround can be found at the link below.