Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A zero-day vulnerability was discovered in the Microsoft Windows Support Diagnostic Tool (MSDT). msdt gathers diagnostic data for analysis by support professionals. Researchers have identified a zero-day remote code execution vulnerability leveraging the Microsoft Support Diagnostics Tool (MSDT). This vulnerability is actively exploited in the wild.

Risks

The arbitrary code runs with the privileges of the current user. An attacker can chain other exploits to gain higher privileges.

The following queries can be executed for hunting successful exploitation:

msdt.exe execution with suspicious argument

config case_sensitive = false timeframe = 30d
| filter event_type = ENUM.PROCESS and action_process_image_command_line contains "msdt.exe" and action_process_image_command_line contains "it_browseforfile"

msdt.exe started by an Office process

| filter event_type = ENUM.PROCESS and action_process_image_command_line contains "msdt.exe" and actor_process_image_name in ("winword.exe", "powerpnt.exe", "excel.exe", "msaccess.exe", "visio.exe", "onenote.
| fields agent_hostname, action_process_image_command_line, action_process_image_path, actor_process_command_line, actor_process_image_path, causality_actor_process_image_path
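The two hunting filters above, re-implemented as an added Python example (not code from the original page or from the query's vendor) so the detection logic can be tried offline against a handful of constructed process-creation events. Field names follow the query (action_process_image_command_line, actor_process_image_name, and the columns of the fields stage); the events, hostnames and command lines are constructed sample data. The parent list uses only the five Office image names that are complete in the source; the sixth entry is cut off there and is left out.

```python
# Added example, not from the original page: the two MSDT hunting filters
# re-implemented over constructed process-creation events.
from typing import Dict, Iterable, List

# Parent process names from the second query (the truncated sixth entry is omitted).
OFFICE_PARENTS = {"winword.exe", "powerpnt.exe", "excel.exe", "msaccess.exe", "visio.exe"}

# Columns projected by the query's "| fields" stage.
OUTPUT_FIELDS = (
    "agent_hostname",
    "action_process_image_command_line",
    "action_process_image_path",
    "actor_process_command_line",
    "actor_process_image_path",
    "causality_actor_process_image_path",
)


def _is_msdt_process_event(event: Dict[str, str]) -> bool:
    """Common prefix of both filters: a PROCESS event whose command line mentions
    msdt.exe. Matching is case-insensitive, as 'config case_sensitive = false' makes it."""
    cmdline = event.get("action_process_image_command_line", "").lower()
    return event.get("event_type") == "PROCESS" and "msdt.exe" in cmdline


def rule_suspicious_argument(event: Dict[str, str]) -> bool:
    """First query: msdt.exe launched with the it_browseforfile argument."""
    cmdline = event.get("action_process_image_command_line", "").lower()
    return _is_msdt_process_event(event) and "it_browseforfile" in cmdline


def rule_office_parent(event: Dict[str, str]) -> bool:
    """Second query: msdt.exe whose parent (actor) is an Office application."""
    parent = event.get("actor_process_image_name", "").lower()
    return _is_msdt_process_event(event) and parent in OFFICE_PARENTS


def hunt(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run both rules over the events; return one projected row per (rule, hit)."""
    rules = (
        ("msdt_suspicious_argument", rule_suspicious_argument),
        ("msdt_office_parent", rule_office_parent),
    )
    hits: List[Dict[str, str]] = []
    for event in events:
        for name, rule in rules:
            if rule(event):
                row = {"rule": name}
                row.update({field: event.get(field, "") for field in OUTPUT_FIELDS})
                hits.append(row)
    return hits


# Constructed sample telemetry (hostnames, paths and command lines are made up).
SAMPLE_EVENTS = [
    {   # Word spawning msdt.exe with the IT_BrowseForFile argument: matches both rules
        "event_type": "PROCESS",
        "agent_hostname": "WS-CONSTRUCTED-01",
        "action_process_image_command_line": r'"C:\Windows\System32\msdt.exe" /param "IT_BrowseForFile=C:\Users\alice\report.doc"',
        "action_process_image_path": r"C:\Windows\System32\msdt.exe",
        "actor_process_image_name": "WINWORD.EXE",
        "actor_process_command_line": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n invoice.docx',
        "actor_process_image_path": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "causality_actor_process_image_path": r"C:\Windows\explorer.exe",
    },
    {   # A user opening a troubleshooter from Explorer: benign, matches nothing
        "event_type": "PROCESS",
        "agent_hostname": "WS-CONSTRUCTED-02",
        "action_process_image_command_line": r"C:\Windows\System32\msdt.exe -id AudioPlaybackDiagnostic",
        "action_process_image_path": r"C:\Windows\System32\msdt.exe",
        "actor_process_image_name": "explorer.exe",
        "actor_process_command_line": r"C:\Windows\explorer.exe",
        "actor_process_image_path": r"C:\Windows\explorer.exe",
        "causality_actor_process_image_path": r"C:\Windows\explorer.exe",
    },
    {   # Excel spawning msdt.exe without the argument: matches the Office-parent rule only
        "event_type": "PROCESS",
        "agent_hostname": "WS-CONSTRUCTED-03",
        "action_process_image_command_line": r"C:\Windows\System32\msdt.exe",
        "action_process_image_path": r"C:\Windows\System32\msdt.exe",
        "actor_process_image_name": "excel.exe",
        "actor_process_command_line": r'"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"',
        "actor_process_image_path": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "causality_actor_process_image_path": r"C:\Windows\explorer.exe",
    },
    {   # Word spawning its print helper: not msdt.exe, matches nothing
        "event_type": "PROCESS",
        "agent_hostname": "WS-CONSTRUCTED-01",
        "action_process_image_command_line": r"C:\Windows\splwow64.exe 12288",
        "action_process_image_path": r"C:\Windows\splwow64.exe",
        "actor_process_image_name": "winword.exe",
        "actor_process_command_line": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"',
        "actor_process_image_path": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "causality_actor_process_image_path": r"C:\Windows\explorer.exe",
    },
    {   # Same command line but a file event, so excluded by event_type = ENUM.PROCESS
        "event_type": "FILE",
        "agent_hostname": "WS-CONSTRUCTED-03",
        "action_process_image_command_line": r'"C:\Windows\System32\msdt.exe" /param "IT_BrowseForFile=x"',
        "actor_process_image_name": "winword.exe",
    },
]

if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(row["rule"], row["agent_hostname"], row["action_process_image_command_line"])
```

Both rules share the process-type and msdt.exe checks, so they are factored into one helper; the hunt() output carries the same columns the query's fields stage selects, which makes a hit easy to pivot on the actor and causality paths when triaging.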