[German]It looks like the developers at Microsoft are planning to phase out the Microsoft Support Diagnostic Tool (MSDT) for Windows 11. At least, Rafael Rivera noticed a corresponding note in the current Windows 11 Insider Preview. The Microsoft page in question, which is referred to, is currently not unlocked yet. Here is some information about what exactly it is about.
What is the MSDT?
The abbreviation MSDT stands for Microsoft Support Diagnostic Tool. The msdt command calls a troubleshooting package on Windows via the command line – or via automated scripts.
The tool starts with a dialog box, where a master key provided by a support staff member is then to be entered. The tool then guides the user through various troubleshooting steps. The msdt command can also be invoked with command line parameters to go immediately to the relevant troubleshooting diagnostic step.
Microsoft has published the msdt support article (last updated 03/22/2021) with more details. A list of available diagnostic packages can be found on this article. The tool is already included with the operating system in Windows 7 and has been carried over into new Windows versions over the years. However, it is not clear to me how often the tool has been used at all – I have deliberately never used it – users usually call the Windows troubleshooter directly to perform the diagnostic steps.
The vulnerability CVE-2022-30190 (Follina)
The tool made headlines in May 2022 due to the disclosure of a new attack vector that abuses the Microsoft Support Diagnostics Utility via the ms-msdt: protocol to download and abuse malicious Word documents (or Excel spreadsheets) from the web. Microsoft has since issued a support document for CVE-2022-30190.
Security researcher Will Dormann suggests to disable the ms-msdt protocol in the above tweet. I had reported about it in the blog post Follina: Attack via Word documents and ms-msdt protocol (CVE-2022-30190)). The Follina vulnerability kept administrators busy for a few days and ACROS Security had even released a 0patch micropatch to close the vulnerability (see article links at the end of the post).
The MSDT will be retired in 2025
Now it looks like Microsoft may bury the Microsoft Support Diagnostic Tool (MSDT) in the medium term. I came across the following tweet from Rafael Rivera this week indicating that the tool could be retired in 2025.
In the MSDT dialog box, a note appears that the Microsoft Support Diagnostic Tool will be retired in 2025. However, the Learn more link is currently still private.
Let's see when the MSDT will be officially discontinued.
Follina: Attack via Word documents and ms-msdt protocol (CVE-2022-30190)
Follina vulnerabilitiy (CVE-2022-30190): Status, Findings, Warnings & Attacks
0Patch Micro patch against Follina vulnerability (CVE-2022-30190) in Windows
Follina (CVE-2022-30190): No major attack wave, but campaigns on EU/US and other targets
Windows Vulnerability Follina (CVE-2022-30190): New findings, new risks (June 9, 2022)
Microsoft patches Follina vulnerability (CVE-2022-30190) in Windows with June 2022 updates
Remote access Trojan "Woody Rat" uses Follina exploits to attack Russian organizations
Cookies helps to fund this blog: Cookie settings