Security Alert: Automatically Remediate New Zero-Day Exploit in Microsoft Windows Support Diagnostic Tool with Syxsense Enterprise

ALISO VIEJO, Calif.--(BUSINESS WIRE)--Syxsense, a global leader in IT and security management solutions, is offering organizations a free 14-day trial of its Syxsense Enterprise cloud-based endpoint and IT management platform, which includes a pre-built remediation for the newly discovered Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability (CVE-2022-30190).

Register for the free trail of Syxsense Enterprise here and remediate the MSDT remote code execution vulnerability quickly.

The MSDT flaw impacts all Windows versions receiving security updates and was reported by a member of the Shadow Chaser Group. It can be used to execute malicious PowerShell commands via MSDT as Arbitrary Code Execution (ACE) attacks when opening or previewing Word documents. According to Microsoft, “A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”

“This new MSDT vulnerability yet again reminds us that having mechanisms in place to quickly and effectively remediate and patch endpoint vulnerabilities is key to a strong security posture,” said Ashley Leonard, Founder and CEO at Syxsense. “To help organizations mitigate this latest threat now, we’re upgrading all our Syxsense Secure customers to our Enterprise platform for 14 days so they can fix this issue quickly, and we’re offering any organizations a free 14-day trial so they too can solve this problem fast.”

Syxsense Enterprise is the industry’s first Unified Security and Endpoint Management (USEM) solution that addresses the three key elements of endpoint security – vulnerabilities, patch, and compliance. It layers on a powerful workflow automation tool called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag and drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3^rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more.

To learn more about the remediation of CVE-2022-30190, see this Syxsense video or download the free trial today at https://www.syxsense.com/start-a-free-trial-of-syxsense.

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™, all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com.