CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
Microsoft has now revealed the CVE identifier for this vulnerability is CVE-2022-30190, including a Security Update and article with guidance, but no patch looks to be available currently . This guidance comes directly from Microsoft (Here: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/) which suggests that Defender for Endpoint has a new signature in version 1.367.719.0 (or newer) which should provide partial detection. I can see from the Windows Defender for Automate plugin that the latest version we are deploying at present is 1.367.746.0
If using Microsoft Defender, There are several suggestions to enable the following attack surface rules, URL to get to the settings: https://security.microsoft.com/search/recommendation?q=Attack%20Surface.
Having a plugin in Automate that manages Windows Defender really helped us verify fast that the latest updates have been received by agents. We were able to use the plugin to push updates out to several agents that had not updates to that version without any issues.
What to learn more about Windows Defender for Automate visit Plugins4Automate Defender for Automate plugin
