There was a recently published exploit using URIs to open MSDT and execute arbitrary code. Microsoft's suggestion was to delete the registry key corresponding to the ms-msdt:// protocol.
Unfortunately, this still leaves MSDT active and presumably exploitable via other routes. Personally, I have never used MSDT, nor would I ever need to. Searching how to disable MSDT (results filtered to before May 1, 2022) gave me this result on how to disable MSDT from communicating with Microsoft:
Registry Hive:
HKEY_LOCAL_MACHINESubkey:
\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\Value Name:
DisableQueryRemoteServerType:
REG_DWORDValue:
0
However, I didn't find any further results. Is there a way to disable MSDT entirely? Would simply deleting msdt.exe actually impact the system's stability?
41 Answer
I think that in theory you could try and change the permissions to %WINDOWS%\System32\msdt.exe by removing execution rights temporarily. But this is no guarantee, that the functionality itself isn't accessable via other calls via API. But at least nobody should be able to run it from command prompt.