Rule Library

Sigma Rules

2 rules found for "CVE-2022-30190"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Potential Exploitation Attempt From Office Application

Detects Office applications executing a child process that includes directory traversal patterns. This could be an attempt to exploit CVE-2022-30190 (MSDT RCE) or CVE-2021-40444 (MSHTML RCE)

WindowsProcess Creation

Christian Burkard (Nextron Systems)+1Thu Jun 022021

Emerging Threatmediumtest

Suspicious Set Value of MSDT in Registry (CVE-2022-30190)

Detects set value ms-msdt MSProtocol URI scheme in Registry that could be an attempt to exploit CVE-2022-30190.

WindowsRegistry Set

Sittikorn SSun May 312022