PatchSiren cyber security CVE debrief
CVE-2022-30190 Microsoft CVE debrief
CVE-2022-30190 is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-06-14. The catalog entry marks it as known exploited and notes known ransomware campaign use, making it a high-priority issue for defensive response.
- Vendor
- Microsoft
- Product
- Windows
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2022-06-14
- Original CVE updated
- 2022-06-14
- Advisory published
- 2022-06-14
- Advisory updated
- 2022-06-14
Who should care
Windows administrators, endpoint and vulnerability management teams, SOC analysts, incident responders, and any organization that runs Microsoft Windows systems should treat this as urgent. It is especially important for teams that track CISA KEV items or manage systems exposed to untrusted content or user-driven attack paths.
Technical summary
The available official sources identify the issue as a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT). CISA lists it as a known exploited vulnerability and associates it with known ransomware campaign use. Based on the supplied corpus, the key defensive takeaway is that affected Windows systems should be updated according to vendor guidance as soon as possible.
Defensive priority
Critical. CISA designated this as a Known Exploited Vulnerability on 2022-06-14 and set a remediation due date of 2022-07-05. Known exploitation and ransomware campaign association materially raise operational risk beyond a routine patch item.
Recommended defensive actions
- Apply Microsoft updates per vendor instructions immediately.
- Prioritize remediation for internet-facing, high-value, and user-heavy Windows endpoints.
- Use vulnerability and asset inventories to confirm coverage and find unpatched systems.
- Monitor for suspicious document, process, and diagnostic-tool related activity on Windows hosts.
- If patching is delayed, apply compensating controls that reduce exposure to untrusted content and restrict unnecessary execution paths until remediation is complete.
Evidence notes
CISA KEV lists this vulnerability as Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability, with dateAdded 2022-06-14, dueDate 2022-07-05, and knownRansomwareCampaignUse marked Known. The source item metadata instructs: 'Apply updates per vendor instructions.' The supplied corpus does not include additional technical exploit details, so this debrief stays within the official KEV and linked official records.
Official resources
-
CVE-2022-30190 CVE record
CVE.org
-
CVE-2022-30190 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions.
-
Source item URL
cisa_kev
Publicly disclosed and officially tracked as known exploited by CISA on 2022-06-14; remediation was due by 2022-07-05 per the KEV catalog.