## https://sploitus.com/exploit?id=5E983FEF-4BE8-5A69-BABE-3CFFC983F1B5
# MSDT Patcher, a.k.a. CVE-2022-30190-NSIS
This is an NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft.

[Download the executable here](https://github.com/rouben/CVE-2022-30190-NSIS/releases).

## How does it work?
When run, it checks for the presence of the key `HKCR\ms-msdt`. If the key exists, it assumes the machine is vulnerable and offers to apply the mitigation patch. If the user confirms, the entire `HKCR\ms-msdt` key hierarchy is removed, i.e. the equivalent of the following registry patch is executed:
```reg
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\ms-msdt]
```
If the key `HKCR\ms-msdt` is absent, the script rolls the mitigation back instead. It assumes that all machines have the same exact registry keys under `HKCR\ms-msdt`, and inserts the equivalent of the following registry patch:
```reg
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
```
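
The `hex(2)` line in the rollback patch is a REG_EXPAND_SZ value stored as UTF-16LE bytes, so the command the restored handler runs is not readable at a glance. The following is an added example, not part of this project's NSIS script: it parses the rollback patch above and decodes that value for review before deployment. The function names `decode_value` and `parse_reg` are hypothetical, and the parser handles only the value types that appear in these two patches.

```python
import re

# The rollback patch from this README, embedded so the example runs offline.
ROLLBACK_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ms-msdt]
@="URL:ms-msdt"
"EditFlags"=dword:00200000
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ms-msdt\shell]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open]

[HKEY_CLASSES_ROOT\ms-msdt\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,64,00,74,00,2e,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00
'''

def decode_value(raw):
    """Decode one .reg value: "string", dword:XXXXXXXX or hex(2):.. (REG_EXPAND_SZ)."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")  # drop the NUL terminator
    raise ValueError("unsupported value type: " + raw)

def parse_reg(text):
    """Return {key: {name: value}}; '@' is the default value, None marks a deleted key."""
    text = re.sub(r"\\\r?\n\s*", "", text)              # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[-"):                       # "[-KEY]" removes the whole key
            keys[line[2:-1]] = None
        elif line.startswith("["):
            current = keys.setdefault(line[1:-1], {})
        elif line and not line.startswith("Windows Registry Editor"):
            name, _, raw = line.partition("=")
            current[name.strip('"')] = decode_value(raw)
    return keys

if __name__ == "__main__":
    for key, values in parse_reg(ROLLBACK_REG).items():
        print(key, values)
```

Comparing the decoded command against a `reg export` taken from a machine before the mitigation was applied is one way to test the script's assumption that every machine had identical values under this key.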

## License and other info
I hope you find this little tool useful. It's licensed under the [unlicense](https://unlicense.org), so please feel free to modify and adapt this little hack as you see fit. Contributions are welcome, so fork away and submit a pull request.

**!!!WARNING!!!** This script will **not** protect your system against novel attack vectors that don't use the ms-msdt URL handler. Repeat, this is **not** a proper fix, just a band-aid until Microsoft releases a proper fix for the underlying vulnerability.