Microsoft Support Diagnostic Tool
The Microsoft Support Diagnostic Tool (MSDT) is a legacy Windows service that lets Microsoft support agents analyze diagnostic data remotely to troubleshoot problems.
Two notable security flaws affected MSDT:
- Follina (CVE-2022-30190): A remote code execution flaw in MSDT that can be triggered through Microsoft Office documents. It was publicly disclosed on May 27, 2022, and Microsoft released patches on June 14, 2022. A temporary workaround was to disable MSDT by editing the Windows registry. The bug was used in targeted attacks in Russia and Belarus and is believed to have been used against the Tibetan government-in-exile. MSDT could be invoked from Office templates that download content from a remote server, leading to a buffer overflow and execution of PowerShell code without user’s explicit consent.
- DogWalk (CVE-2022-34713): A path traversal vulnerability in the sdiageng.dll component of MSDT. It was first reported in January 2020 but was exploited in the wild and patched in August 2022. The issue allowed an attacker to trick a user into opening a malicious diagcab file, which would cause MSDT to run arbitrary code.
What to do to stay safe:
- Apply the June 2022 (Follina) and August 2022 (DogWalk) patches when available.
- If possible, disable MSDT until you’ve applied patches by changing the Windows registry.
- Be cautious with Office documents and diagcab files from unknown or untrusted sources.
- Keep Windows and security software up to date.
MSDT deprecation and replacement:
- Microsoft announced that MSDT would be phased out, with future changes and deprecation following May 23, 2023.
- The Get Help tool is the replacement for support interactions in newer versions, and MSDT is planned to be removed in 2025.
This page was last edited on 2 February 2026, at 18:18 (CET).