An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft

rouben/CVE-2022-30190-NSIS

MSDT Patcher, a.k.a. CVE-2022-30190-NSIS

This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft.

Download the executable here.

How does it work?

When run, it checks for the presence of the key HKCR\ms-msdt. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch. If the user confirms, the entire HKCR\ms-msdt key hierarchy is removed, i.e. the equivalent of the following registry patch is executed:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\ms-msdt]

If the key HKCR\ms-msdt is absent, the script rolls the mitigation back. It assumes that all machines have exactly the same registry keys under HKCR\ms-msdt, and inserts the equivalent of the following registry patch:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
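
The hex(2) value in the rollback patch is a REG_EXPAND_SZ stored as UTF-16LE bytes, so it cannot be read at a glance. The Python below is an added example, not part of this repository: it parses the two patches shown above, decodes every value, and checks that the rollback patch points the handler at msdt.exe under system32. The function names and `EXPECTED_COMMAND` are assumptions of this example.

```python
import re

# Rollback patch from this README (blank lines dropped to keep the example short).
REG_TEXT = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""
[HKEY_CLASSES_ROOT\ms-msdt\shell]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
'''
# Assumption of this example: the command string the handler should carry.
EXPECTED_COMMAND = r'"%SystemRoot%\system32\msdt.exe" %1'

def decode_value(raw):
    """Decode a .reg value: quoted string, dword, or hex(2) (REG_EXPAND_SZ)."""
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')  # UTF-16LE, NUL-terminated
    raise ValueError('unsupported value type: ' + raw[:12])

def parse_reg(text):
    """Return {key: {name: value}}; '@' is the default value, None marks [-key]."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)           # join continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith('[-'):
            keys[line[2:-1]], current = None, None
        elif line.startswith('['):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            current[m.group(1).strip('"')] = decode_value(m.group(2))
    return keys

def audit_rollback(text):
    """True only if the patch recreates the handler with the expected command."""
    keys = parse_reg(text)
    root = keys.get(r'HKEY_CLASSES_ROOT\ms-msdt') or {}
    cmd = keys.get(r'HKEY_CLASSES_ROOT\ms-msdt\shell\open\command') or {}
    return 'URL Protocol' in root and cmd.get('@') == EXPECTED_COMMAND
```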

License and other info

I hope you find this little tool useful. It's licensed under the Unlicense, so please feel free to modify and adapt this little hack as you see fit. Contributions are welcome, so fork away and submit a pull request.

!!!WARNING!!! This script will not protect your system against novel attack vectors that don't use the ms-msdt URL handler. Repeat, this is not a proper fix, just a band-aid until Microsoft releases a proper fix for the underlying vulnerability.
