Microsoft Support Diagnostic Tool vulnerability

Source: NCSC-FI (Finland)
Link: https://www.kyberturvallisuuskeskus.fi/en/haavoittuvuus_10/2022
Published: 2022-06-01

Summary

A zero-day vulnerability in the Microsoft Support Diagnostic Tool allows remote code execution through malicious Microsoft Word documents. Microsoft released a fix on June 14, 2022, and it should be installed immediately.

Key Points

  • Vulnerability type: Remote code execution via malicious Word documents
  • Affected software: Microsoft Support Diagnostic Tool
  • Severity: Zero-day vulnerability
  • Fix available: Released June 14, 2022
  • Action required: Install patch immediately

Impact

This zero-day vulnerability allows attackers to execute arbitrary code by tricking users into opening specially crafted Word documents. Organizations should prioritize patching to prevent exploitation.