When we speak to prospects, they often say that their IT are “great” and “very responsive”, but are they proactive?

EBS clients are also often unaware of the work we do in the background to keep their systems safe.

This morning, EBS were alerted to a major Microsoft vulnerability (for which there is currently no patch/update) and within an hour of opening we had deployed a fix to all Windows clients that were online – also making sure to update any that were turned off to be updated as soon as they were used.

Microsoft announced a major remote code execution vulnerability effecting Windows 7, 8, 8.1, 10 and even the latest Windows 11.  The vulnerability is summarised in security bulletin CVE-2022-30190.

The issue exists within the MSDT tool built into Windows which can be triggered using its URL protocol from applications such as Microsoft Word.

An attacker who exploits this vulnerability would have access to the machine including the ability to run their own scripts, install programs and view/change/delete data stored on the machine.

Microsoft are yet to release a patch to resolve this, so the EBS Hardware & Technical Services team have deployed a registry fix to protect our supported customers by disabling the MSDT URL protocol on all machines that are vulnerable.

More information on the vulnerability can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

If we do not support your business, please make sure your IT support partner, or internal IT are aware of this risk and provide a fix ASAP.

If you have any questions regarding this or other vulnerabilities your Account Manager or our Technical Director (Dan Price) would be happy to help to you.