I am deploying the Extra.DAT now for this vulnerability.
Is the expert rule still needed/required?
Hello @kblowe. Thank you for reaching out to the McAfee Enterprise Community. An Extra.DAT is added to the regular DAT for certain hashes which were identified as samples by the Labs team. Please find the recommendation below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95707
And please do subscribe to the article to get notifications on updates to this coverage.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Knowledge Center - Coverage for CVE-2022-30190, Microsoft Windows Support Diagnostic Tool Remote Cod... doesn't mention an extra dat, or that this is covered in the regular AMCore update (so I assume it's not).
Where is the extra dat, and when will it be added to the regular AMCore content?
Hello @ChrisQ. Thank you for your post. Please find in the attachment the list of hashes identified by the Labs team as belonging to the latest vulnerability [CVE-2022-30190]. Initially an Extra.DAT was provided for coverage of those hashes, and we now have them covered in the regular DAT. However, the recommendation for this vulnerability would be the article below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95707
Please do subscribe to the article for updates regarding the coverage.
Is the DAT file released?
Hello @Shamini. Thank you for your post. Please find in the attachment the list of hashes identified by the Labs team as belonging to the latest vulnerability [CVE-2022-30190]. Initially an Extra.DAT was provided for coverage of those hashes, and we now have them covered in the regular DAT. However, the recommendation for this vulnerability would be the article below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95707
Please do subscribe to the article for updates regarding the coverage.
What good are hashes going to do?! MSDT can be called and exploited from any MSDT URL... Hashes might block the current malicious executables in the wild that are taking advantage of this monumentally terrible attack vector, but it won't stop ALL malicious executables which one must assume will skyrocket, especially given that still no patch exists from Microsoft...
I concede I'm no expert, certainly not to the level of McAfee whose business is that of virus/malware prevention, and that none of this is McAfee's fault, but in my very humble opinion, the only true fix right now is to block all executions of msdt.exe. It is an executable not necessary for normal business functions.
Again, IMHO, being blocked from running a potentially helpful troubleshooting from Microsoft is an exceedingly small price to pay to block all attempts to use the same troubleshooting tool maliciously...
Again, that's just me, not trying to argue, do with my comments what you wish. Thank you for your time.
Hello @billmoller. Thank you for your post. Yes, you are correct. Hash coverage by McAfee ENS is only for those hashes which were tested. However, there are a lot of recommendations other than the hashes [Exploit Prevention rules and signatures, Access Protection rules, Adaptive Threat Protection rules], which are mentioned in the article below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95707
And there is also a Workaround 2:
Microsoft Workaround:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
Disable the MSDT URL Protocol:
Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters. Follow these steps to disable:
Undo the workaround:
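The Microsoft workaround quoted in the reply above (disable the ms-msdt: URL protocol, then undo it after patching) is, in Microsoft's guidance, a backup and deletion of the HKEY_CLASSES_ROOT\ms-msdt registry key. The script below is an added example written for this thread, not code from the post, McAfee or Microsoft; the backup file location and the function names are assumptions. It must be run from an elevated PowerShell prompt.

```powershell
# Added example: apply, verify and undo Microsoft's "disable the MSDT URL protocol"
# workaround for CVE-2022-30190. Not from the original post; run as Administrator.

# Registry:: provider path lets PowerShell look at the merged HKCR view, so a handler
# registered under either HKLM or HKCU Software\Classes is seen.
$MsdtKey    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$RegKeyName = 'HKEY_CLASSES_ROOT\ms-msdt'
# Assumed backup location for this example; choose one your change process records.
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-backup.reg'

function Test-MsdtUrlProtocolEnabled {
    # $true  => the ms-msdt: handler is registered (workaround NOT in place)
    # $false => the key is gone (workaround applied)
    return (Test-Path -Path $MsdtKey)
}

function Disable-MsdtUrlProtocol {
    if (-not (Test-MsdtUrlProtocolEnabled)) {
        Write-Host "ms-msdt handler already absent; nothing to do."
        return
    }
    # Back up first; this is what the "Undo the workaround" step restores.
    & reg.exe export $RegKeyName $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupFile)) {
        throw "Backup to $BackupFile failed; refusing to delete the key."
    }
    & reg.exe delete $RegKeyName /f | Out-Null
    if (Test-MsdtUrlProtocolEnabled) {
        throw "Delete of $RegKeyName failed (check that the shell is elevated)."
    }
    Write-Host "ms-msdt URL protocol disabled. Backup: $BackupFile"
}

function Restore-MsdtUrlProtocol {
    # Undo step: re-import the exported key once the June 2022 update is installed.
    if (-not (Test-Path $BackupFile)) {
        throw "No backup found at $BackupFile; cannot undo the workaround."
    }
    & reg.exe import $BackupFile | Out-Null
    if (-not (Test-MsdtUrlProtocolEnabled)) {
        throw "Import of $BackupFile did not restore $RegKeyName."
    }
    Write-Host "ms-msdt URL protocol restored."
}

# Usage:
#   Disable-MsdtUrlProtocol         # apply the workaround
#   Test-MsdtUrlProtocolEnabled     # $false while the workaround is in place
#   Restore-MsdtUrlProtocol         # undo after patching
```

Note what this does and does not cover: removing the protocol handler stops Office documents and other links from launching MSDT via an ms-msdt: URL, which is the vector in this thread, but msdt.exe itself remains on disk and can still be started directly (for example by a .diagcab file, as the DogWalk post below describes), so it does not replace the ENS rules linked above or the Microsoft update.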
Another reason to block msdt.exe entirely... DogWalk...
"Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability"
"While all files downloaded and received via email include a Mark-of-the-Web (MOTW) tag that's used to determine their origin and trigger an appropriate security response, 0patch's Mitja Kolsek noted that the MSDT application is not designed to check this flag and hence allows the .diagcab file to be opened without warning."
{link is apparently prohibited by McAfee, so google: the hacker news dogwalk msdt}
It looks like Microsoft has released a patch for msdt (CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT...), and with my recommended mitigation in place, the upgrade will fail to install (access denied).
IMHO, I would [and have] disable[d]/delete[d] my workaround (to block all executions of msdt.exe) to allow the June 2022 MSFT patches to successfully install.
Thank you