kou1okada/CVE-2022-30190-remove-msdt.bat

## README.ja.md

      
    Raw
  

              README.ja.md
            
          
    CVE-2022-30190 対策

対策用バッチファイル

CVE-2022-30190-remove-msdt.bat
ms-msdt: 無効化のため HKCR\ms-msdt をバックアップの上で削除する。
この対策を行うとトラブルシューティングツール(msdt.exe)を MSDT URL Protocol のリンクから起動できなくなる。
元に戻すには、作成された .reg ファイルをダブルクリック。
後日、Windows Update で対策が行われたら元に戻すことを推奨。
参考資料


https://nvd.nist.gov/vuln/detail/CVE-2022-30190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://piyolog.hatenadiary.jp/entry/2022/06/02/010119


## README.md

      
    Raw
  

              README.md
            
          
    Workarounds for CVE-2022-30190

BAT file to disable the MSDT URL Protocol

CVE-2022-30190-remove-msdt.bat
To disable the MSDT URL Protocol,
backup HKCR\ms-msdt and remove it from registry.
This makes to be prevented msdt.exe being launched as links including links throughout the operating system.
To undo this workaround, double click the .reg file which is maked by this BAT file.
References


https://nvd.nist.gov/vuln/detail/CVE-2022-30190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30190
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://piyolog.hatenadiary.jp/entry/2022/06/02/010119


## CVE-2022-30190-remove-msdt.bat
@ECHO OFF
SETLOCAL

REM Check the permission
openfiles >NUL 2>&1

IF %ERRORLEVEL% == 0 GOTO ;MAIN
REM Elevate with UAC
powershell -C start-process %0 -verb runas
GOTO :EOF

:MAIN
CD %~p0
SET t=%time: =0%
SET FILE=ms-msdt_%date:~0,4%%date:~5,2%%date:~8,2%_%t:~0,2%%t:~3,2%%t:~6,2%.reg
reg.exe export HKCR\ms-msdt %FILE%
reg.exe delete HKCR\ms-msdt /f
ECHO.
ECHO.Countermeasure for CVE-2022-30190
ECHO.Removed "HKCR\ms-msdt".
ECHO.To undo this Countermeasure, double click "%FILE%".
ECHO.
PAUSE
GOTO :EOF

## ms-msdt.reg
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
	Windows Registry Editor Version 5.00

	[HKEY_CLASSES_ROOT\ms-msdt]
	@="URL:ms-msdt"
	"EditFlags"=dword:00200000
	"URL Protocol"=""

	[HKEY_CLASSES_ROOT\ms-msdt\shell]

	[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

	[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
	@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
	00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
	73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00