CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
May 03, 2022
Published Date
June 01, 2022
Last Updated
February 04, 2025
Vendor
Microsoft
Product
Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Description
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-06-14 00:00:00 UTC)
Proof of Concept Available
Yes (added 2022-06-13 04:20:02 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2022-06-14 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

word_msdtjs_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-30190

Muhammad-Ali007/Follina_MSDT_CVE-2022-30190

Type: github • Created: 2023-07-17 15:24:54 UTC • Stars: 1

aminetitrofine/CVE-2022-30190

Type: github • Created: 2023-05-14 13:38:43 UTC • Stars: 7

Follina (CVE-2022-30190) is a Microsoft Office zero-day vulnerability that has recently been discovered. It’s a high-severity vulnerability that hackers can leverage for remote code execution (RCE) attacks.

Nyx2022/Follina-CVE-2022-30190-Sample

Type: github • Created: 2022-12-12 02:04:57 UTC • Stars: 0

Educational Follina PoC Tool

winstxnhdw/CVE-2022-30190

Type: github • Created: 2022-09-15 16:12:57 UTC • Stars: 2

A proof of concept for CVE-2022-30190 (Follina).

EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-

Type: github • Created: 2022-07-21 06:49:44 UTC • Stars: 3

Detection and Remediation of the Follina MSDT Vulnerability (CVE-2022-30190)

Gra3s/CVE-2022-30190_EXP_PowerPoint

Type: github • Created: 2022-06-29 08:48:12 UTC • Stars: 8

This is an exploit of CVE-2022-30190 on PowerPoint.

SonicWave21/Follina-CVE-2022-30190-Unofficial-patch

Type: github • Created: 2022-06-13 04:20:02 UTC • Stars: 2

An Unofficial Patch Follina CVE-2022-30190 (patch) by Microsoft Guidelines.

ItsNee/Follina-CVE-2022-30190-POC

Type: github • Created: 2022-06-05 13:54:04 UTC • Stars: 5

DerZiad/CVE-2022-30190

Type: github • Created: 2022-06-04 19:48:37 UTC • Stars: 6

SrikeshMaharaj/CVE-2022-30190

Type: github • Created: 2022-06-03 08:00:01 UTC • Stars: 3

Follina POC by John Hammond

arozx/CVE-2022-30190

Type: github • Created: 2022-06-02 16:14:13 UTC • Stars: 2

A very simple MSDT "Follina" exploit **patched**

suenerve/CVE-2022-30190-Follina-Patch

Type: github • Created: 2022-06-02 13:43:20 UTC • Stars: 2

The CVE-2022-30190-follina Workarounds Patch

swaiist/CVE-2022-30190-Fix

Type: github • Created: 2022-06-02 13:01:46 UTC • Stars: 3

gyaansastra/CVE-2022-30190

Type: github • Created: 2022-06-02 12:58:24 UTC • Stars: 2

komomon/CVE-2022-30190-follina-Office-MSDT-Fixed

Type: github • Created: 2022-06-02 12:33:18 UTC • Stars: 396

Modified version of CVE-2022-30190-follina.py; the Word template can be customized, convenient for phishing use in real-world engagements.

sudoaza/CVE-2022-30190

Type: github • Created: 2022-06-01 23:27:14 UTC • Stars: 7

MS-MSDT Follina CVE-2022-30190 PoC document generator

rouben/CVE-2022-30190-NSIS

Type: github • Created: 2022-06-01 18:58:07 UTC • Stars: 3

An NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft

drgreenthumb93/CVE-2022-30190-follina

Type: github • Created: 2022-06-01 11:37:08 UTC • Stars: 8

Just another PoC for the new MSDT-Exploit

sentinelblue/CVE-2022-30190

Type: github • Created: 2022-05-31 18:00:42 UTC • Stars: 4

Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190.

archanchoudhury/MSDT_CVE-2022-30190

Type: github • Created: 2022-05-31 14:10:11 UTC • Stars: 38

This Repository Talks about the Follina MSDT from a Defender Perspective

doocop/CVE-2022-30190

Type: github • Created: 2022-05-31 12:15:18 UTC • Stars: 59

Microsoft Office Word RCE reproduction (CVE-2022-30190)

onecloudemoji/CVE-2022-30190

Type: github • Created: 2022-05-31 06:45:25 UTC • Stars: 104

CVE-2022-30190 Follina POC

JMousqueton/PoC-CVE-2022-30190

Type: github • Created: 2022-05-30 18:17:38 UTC • Stars: 157

POC CVE-2022-30190: CVE 0-day MS Office RCE aka msdt follina