CVE-2022-34713
HIGH KEVMicrosoft Windows Support Diagnostic Tool - Remote Code Execution
Title source: llmExploitation Summary
CVE-2022-34713 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 9, 2022.
Description
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-34713
Scores
CVSS v3
7.8
EPSS
0.0447
EPSS Percentile
89.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-08-09
VulnCheck KEV
2022-08-09
InTheWild.io
2022-08-09
ENISA EUVD
EUVD-2022-37663
Status
published
Products (17)
microsoft/windows_10_1507
< 10.0.10240.19387
microsoft/windows_10_1607
< 10.0.14393.5291
microsoft/windows_10_1809
< 10.0.17763.3287
microsoft/windows_10_20h2
< 10.0.19042.1889
microsoft/windows_10_21h1
< 10.0.19043.1889
microsoft/windows_10_21h2
< 10.0.19044.1889
microsoft/windows_11_21h2
< 10.0.22000.856
microsoft/windows_7
(2 CPE variants)
microsoft/windows_8.1
(2 CPE variants)
microsoft/windows_rt_8.1
... and 7 more
Published
Aug 09, 2022
KEV Added
Aug 09, 2022
Tracked Since
Feb 18, 2026