Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft CVE-2022-30190

Name: Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft CVE-2022-30190
Rating: 5 (135 reviews)
2022-06-12 | CVSS 9.3
## https://sploitus.com/exploit?id=4881AA63-B127-594A-8F5B-ED68FD4BB9FF
# **_🩹CVE-2022-30190 Temporary Fix🩹 (Source Code)_**
These are the source codes of two Python scripts compiled to easily and quickly apply temporary protection against the **_CVE-2022-30190 vulnerability (Follina)_**

Both can be programmed better, but this is just to implement it as quickly as possible and I did it without much Python knowledge, but the important part is... **_it works!_** Hehe

## _What do these '.exe' files do?:_

> Step by step (**_'CVE-2022-30190_temp-fix.py'_** [CVE-2022-30190_temp-fix.exe]):
  1. Backs up the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  2. Deletes the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  3. Creates a new registry key **_'DWORD'_** with a value of **_'0'_** to enable a **_'Local Group Policy'_** at the path **_'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'_** called **_'EnableDiagnostics'_** (This registry key sets the policy called **_'Troubleshooting: Allow users to access and run troubleshooting wizards.'_** as **_'Disabled'_**, located at **_'Computer Configuration/Policies/Administrative Templates/System/Troubleshooting and Diagnostics/Scripted Diagnostics'_**).

> Step by step (**_'CVE-2022-30190_back-to-normal.py'_** [revert_changes.exe]):
  1. Restores the registry key **_'HKEY_CLASSES_ROOT\ms-msdt'_**.
  2. Deletes **_'.reg'_** file used to restore it.
  3. Deletes the registry key which was created before to enable a **_'Local Group Policy'_**.

## _How to use them:_

- Run **_'CVE-2022-30190_temp-fix.exe'_** as **_administrator_**, that's all.

- **Do not delete the _'.reg'_ file generated because you will need it in the future when Microsoft fixes this vulnerability.**

- If you want to undo all changes made, you just have to run **_'revert_changes.exe'_** as **_administrator_**.

## _My antivirus detected it as a threat?:_

> In most cases it will detected by the AV as a **_threat_**, so you can **add an _exception_** or just **_disable_ it for a moment**, this is because none of the '.exe' files are signed.

## _This vulnerability has been fixed by Microsoft:_

> Here are the links to the updates:
  - For Windows 10: [2022-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5014699)](https://support.microsoft.com/en-us/topic/june-14-2022-kb5014699-os-builds-19042-1766-19043-1766-and-19044-1766-5c81d49d-0b6e-4808-9485-1f54e5d1bb15)
  - For Windows 11: [2022-06 Cumulative Update for Windows 11 for x64-based Systems (KB5014697)](https://support.microsoft.com/en-us/topic/june-14-2022-kb5014697-os-build-22000-739-cd3aaa0b-a8da-44a0-a778-dfb6f1d9ea11)