Skip to content

Latest commit

 

History

History
36 lines (26 loc) · 1.83 KB

README.md

File metadata and controls

36 lines (26 loc) · 1.83 KB

MSDT Patcher, a.k.a. CVE-2022-30190-NSIS

This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft.

Download the executable here.

How does it work?

When run, it checks for the presence of the key HKCR\ms-msdt. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch. If the user confirms, the entire HKCR\ms-msdt key hierarchy is removed, i.e. the equivalent of the following registry patch is executed:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\ms-msdt]

If the key HKCR\ms-msdt is absent, this script assumes that all machines have the same exact registry keys under HKCR\ms-msdt, and inserts the equivalent of the following registry patch:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00

License and other info

I hope you find this little tool useful. It's licensed under the unlicense, so please feel free to modify and adapt this little hack as you see fit. Contributions are welcome, so fork away and submit a pull request.

!!!WARNING!!! This script will not protect your system against novel attack vectors that don't use the ms-msdt URL handler. Repeat, this is not a proper fix, just a band-aid until Microsoft releases a proper fix for the underlying vulnerability.