@kou1okada
Last active June 3, 2022 07:13
CVE-2022-30190-remove-msdt.bat : Disable the MSDT URL Protocol.

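Countermeasure for CVE-2022-30190

Batch file for the countermeasure

CVE-2022-30190-remove-msdt.bat

To disable ms-msdt:, back up HKCR\ms-msdt and then delete it. With this countermeasure applied, the troubleshooting tool (msdt.exe) can no longer be launched from MSDT URL Protocol links. To undo it, double-click the .reg file that was created.

It is recommended to undo this later, once a fix has been delivered through Windows Update.

References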

Workarounds for CVE-2022-30190

BAT file to disable the MSDT URL Protocol

CVE-2022-30190-remove-msdt.bat

To disable the MSDT URL Protocol, back up HKCR\ms-msdt and remove it from the registry. This prevents msdt.exe from being launched through links, including links throughout the operating system. To undo this workaround, double-click the .reg file created by this BAT file.

References

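@ECHO OFF
SETLOCAL
REM Check for administrator rights (openfiles fails when not elevated)
openfiles >NUL 2>&1
IF %ERRORLEVEL% == 0 GOTO :MAIN
REM Not elevated: relaunch this script through UAC, then exit
powershell -C "Start-Process -FilePath '%~f0' -Verb RunAs"
GOTO :EOF
:MAIN
REM Work in the script's own folder so the backup is saved next to it
CD /D "%~dp0"
REM Build a timestamped backup name (assumes %date% is formatted yyyy/MM/dd)
SET t=%time: =0%
SET FILE=ms-msdt_%date:~0,4%%date:~5,2%%date:~8,2%_%t:~0,2%%t:~3,2%%t:~6,2%.reg
REM Back up the key first and do not delete it if the export failed
reg.exe export HKCR\ms-msdt "%FILE%"
IF ERRORLEVEL 1 (
  ECHO.Failed to export "HKCR\ms-msdt". Nothing was removed.
  PAUSE
  GOTO :EOF
)
reg.exe delete HKCR\ms-msdt /f
ECHO.
ECHO.Countermeasure for CVE-2022-30190
ECHO.Removed "HKCR\ms-msdt".
ECHO.To undo this Countermeasure, double click "%FILE%".
ECHO.
PAUSE
GOTO :EOF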

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
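
Double-clicking a .reg backup imports whatever the file contains, so it is worth confirming its contents before restoring. The following is an added example, not part of the original gist: it parses the sample backup shown above, decodes the hex(2) command value, and checks that the file touches only HKCR\ms-msdt. The function names and the expected command string are assumptions of this example.

```python
import re

# Sample backup from this page. A real reg.exe export is UTF-16: open(path, encoding="utf-16").
REG_TEXT = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""
[HKEY_CLASSES_ROOT\ms-msdt\shell]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open]
[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
'''
ROOT = r"HKEY_CLASSES_ROOT\ms-msdt"
EXPECTED_COMMAND = r'"%SystemRoot%\system32\msdt.exe" %1'  # value decoded from the sample above

def decode_value(data):
    """Decode the right-hand side of one .reg value line."""
    if data.startswith('"'):                       # REG_SZ with backslash escapes
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):                  # REG_DWORD, hexadecimal
        return int(data[6:], 16)
    m = re.fullmatch(r"hex\(2\):(.*)", data)       # REG_EXPAND_SZ as UTF-16LE bytes
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return data                                    # other types are left undecoded

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)      # join "\"-continued hex lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")    # value names containing "=" are not handled
            current["(Default)" if name == "@" else name.strip('"')] = decode_value(data)
    return keys

def backup_is_expected(text):
    """True if the file touches only HKCR\\ms-msdt and restores the expected command."""
    keys = parse_reg(text)
    if any(not (k + "\\").lower().startswith(ROOT.lower() + "\\") for k in keys):
        return False
    cmd = keys.get(ROOT + r"\shell\open\command", {}).get("(Default)", "")
    return cmd.lower() == EXPECTED_COMMAND.lower()
```

Calling `backup_is_expected()` on the text of a backup file returns False if the file adds or deletes any key outside HKCR\ms-msdt or if the open command differs from the one in the sample.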