This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft.
When run, it checks for the presence of the key HKCR\ms-msdt. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch. If the user confirms, the entire HKCR\ms-msdt key hierarchy is removed, i.e. the equivalent of the following registry patch is executed:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\ms-msdt]
If the key HKCR\ms-msdt is absent, this script assumes that all machines have the same exact registry keys under HKCR\ms-msdt, and inserts the equivalent of the following registry patch:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""
[HKEY_CLASSES_ROOT\ms-msdt\shell]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
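The hex(2) value in the rollback patch is a REG_EXPAND_SZ string stored as UTF-16LE bytes, so the command it restores is not readable at a glance. The following added example (not part of this project's NSIS script) parses both patches from this README and decodes every value so the change can be reviewed before it is imported; the function names `decode_value` and `parse_reg` are hypothetical.

```python
import re

# The two patches from this README, embedded verbatim as sample input.
ROLLBACK_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""
[HKEY_CLASSES_ROOT\ms-msdt\shell]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
'''
MITIGATION_REG = "Windows Registry Editor Version 5.00\n[-HKEY_CLASSES_ROOT\\ms-msdt]\n"


def decode_value(raw):
    """Decode the right-hand side of a .reg value line into (type, value)."""
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE bytes, NUL-terminated
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':  # REG_SZ with \\ and \" escapes
        return "REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1])
    raise ValueError("unsupported value encoding: " + raw[:20])


def parse_reg(text):
    """Return a list of (action, key, name, type, value) operations."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash-continued lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[-"):  # [-KEY] removes the key and its whole subtree
            ops.append(("delete_key", line[2:-1], None, None, None))
        elif line.startswith("["):
            key = line[1:-1]
            ops.append(("create_key", key, None, None, None))
        else:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if not m:
                raise ValueError("unparseable line: " + line[:40])
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            ops.append(("set_value", key, name) + decode_value(m.group(2)))
    return ops
```

Calling `parse_reg(ROLLBACK_REG)` lists the keys and values the rollback would write, with the handler command in readable form.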
I hope you find this little tool useful. It's licensed under the Unlicense, so please feel free to modify and adapt this little hack as you see fit. Contributions are welcome, so fork away and submit a pull request.
!!!WARNING!!! This script will not protect your system against novel attack vectors that don't use the ms-msdt URL handler. Repeat, this is not a proper fix, just a band-aid until Microsoft releases a proper fix for the underlying vulnerability.