Welcome to the site where the owners and members have had it with playing "nice" and being "inclusive" and "tolerant" of points of view that are destroying the fabric of what made this country great. The members here are sick and tired of politicians of all parties lying, deceiving, stealing, and pretending they are doing it all for the good of the country while selling out to special interests who have the set goal of destroying this country. We have had enough of career politicians who use their office only for personal gain, and who refuse to listen to the people who put them in office. The membership is no longer part of the silent majority who play nice and get along while getting screwed by anyone with a loud voice and an agenda. We will no longer allow anyone to piss down our back and tell us it's raining. And we like guns too.



Go Back   DIRTYDOZENSBUNKER, LLC > Main > Computer Forum
Photo Gallery DDB Store Arcade Register rel="nofollow">Mark Forums Read

Computer Forum For questions and conversations about Computers and the Internet

Reply
 
Thread Tools Display Modes
Old 06-01-2022, 09:31 AM   #1
aviator
unum de multis
 
aviator's Avatar
 
Join Date: Mar 2006
Location: Bunker's Headquarters.
Posts: 48,341
Default Your Attention Please

Quote:
On Monday, Microsoft reversed course, identifying the behavior with the vulnerability tracker CVE-2022-30190 and warning for the first time that the reported behavior constituted a critical vulnerability after all.
"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word," the advisory stated. "An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user's rights."
At the time of this story's publication, Microsoft had yet to issue a patch. Instead, it was advising customers to disable the MSDT URL Protocol by:
1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
3. Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f"
According to analysis by researcher Kevin Beaumont, the document uses Word to retrieve an HTML file from a remote web server. The document then uses the MSProtocol URI scheme to load and execute PowerShell commands
.

China is doing this. either delete the registry key or do not open any Microsoft Office file sent by a unknown entity. This vulnerability can take over your system once the HTML file gets opened by Office.
__________________

That this nation, under God, shall have a new birth of freedom—and that government of the people, by the people, for the people, shall not perish from the earth.
aviator is online now   Reply With Quote
Old 06-01-2022, 12:48 PM   #2
RTO
Moderator
 
RTO's Avatar
 
Join Date: Mar 2006
Location: Flarda
Posts: 28,449
Default

Thanks for the info. I'm sure MS is on it.

https://www.cisecurity.org/advisory/...ution_2022-074
__________________
3

Make America Like Florida
RTO is online now   Reply With Quote
Old 06-01-2022, 02:08 PM   #3
aviator
unum de multis
 
aviator's Avatar
 
Join Date: Mar 2006
Location: Bunker's Headquarters.
Posts: 48,341
Default

They have known for a few days now but haven't acted yet. I guess they were working on a patch?
aviator is online now   Reply With Quote
Old 06-01-2022, 02:57 PM   #4
JD Miller
slug
 
JD Miller's Avatar
 
Join Date: Apr 2011
Posts: 35,840
Default

Is this something (spam / Junk)sent to your Email ?
__________________
.......
JD Miller is online now   Reply With Quote
Old 06-01-2022, 04:16 PM   #5
aviator
unum de multis
 
aviator's Avatar
 
Join Date: Mar 2006
Location: Bunker's Headquarters.
Posts: 48,341
Default

Quote:
Originally Posted by JD Miller View Post
Is this something (spam / Junk)sent to your Email ?
It may come as a letter sent by someone in Words format. If you don't know the sender don't open it. I get that stuff all the time, even from "lawyers and title agencies" regarding a closing...be careful.
aviator is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT -4. The time now is 04:16 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.