When we speak to prospects, they often say that their IT are “great” and “very responsive”, but are they proactive?
EBS clients are also often unaware of the work we do in the background to keep their systems safe.
EBS was alerted to a major Microsoft vulnerability (for which there is currently no patch/update) and within an hour of opening we had deployed a fix to all Windows clients that were online – also making sure to update any that were turned off to be updated as soon as they were used.
Microsoft announced a major remote code execution vulnerability affecting Windows 7, 8, 8.1, 10 and even the latest Windows 11. The vulnerability is summarised in security bulletin CVE-2022-30190.
The issue exists within the MSDT tool built into Windows which can be triggered using its URL protocol from applications such as Microsoft Word.
An attacker who exploits this vulnerability would have access to the machine including the ability to run their own scripts, install programs and view/change/delete data stored on the machine.
The EBS Hardware & Technical Services team deployed a registry fix to protect our supported customers by disabling the MSDT URL protocol on all machines that were vulnerable.
More information on the vulnerability can be found here.
If we do not support your business, please make sure your IT support partner or internal IT are aware of this risk and provide a fix ASAP.
If you have any questions regarding this or other vulnerabilities your Account Manager or our Technical Director, Dan Price, would be happy to help to you.