Windows Terminal RCE (CVE-2022-44702)

Matthew Rosier 20 Reputation points
2024-06-06T19:59:46.8466667+00:00

Hello!

I am struggling a bit with a section of workstations in my corporate environment. We use a vulnerability monitoring agent that is detecting Windows Terminal RCE (CVE-2022-44702) on these machines. We have deployed the most current version of Terminal via the Microsoft Store, pushing it out from Intune. The deployment status is successful for all workstations affected. So the update is applied, and I have manually checked this as well on a selection of examples. However, the vulnerabilities still exist because C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe still exists on the file system. I have tried disk cleanup and storage sense to clean up obsolete files (according to a support AI recommendation), but this still exists. Can someone give me some guidance on how to clear these previous version components out of this directory? It is not even accessible by trying to access the folder in Windows Explorer. Thanks!


1 answer

  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 33,376 Reputation points Microsoft Vendor
    2024-06-12T02:33:34.9433333+00:00

    Hi Matthew,

    Thanks for your post. From your description, I understand the C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe still exists even though you applied the update. If I have misunderstood anything, feel free to let me know.

    Based on my research, the inaccessible folder of C:\Program Files\WindowsApps might be due to limited permissions for the current user profile. Please go to C:\Program Files, right-click the folder ‘WindowsApps’ and select ‘Properties’. In the Security tab, click Advanced. In the Permissions window, click the option ‘Replace all child object permission entries with inheritable permission entries from this object’. Reboot the machine and see if you can access the C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe. If so, rename the file to xxx-old and see if the vulnerability still exists.

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
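
A leftover version folder under C:\Program Files\WindowsApps usually means the old package is still registered or staged for some user profile. The following is an added example, not part of the original thread or of Microsoft's guidance: it inventories every Windows Terminal package across all users and can remove the versions older than the newest one through the Appx cmdlets, without changing permissions on WindowsApps. It assumes an elevated PowerShell session and that the newest version present is the patched one; `$Remove` is a hypothetical switch variable introduced for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report (and optionally remove) outdated Windows Terminal packages.
$Name   = 'Microsoft.WindowsTerminal'
$Remove = $false   # assumption: set to $true only after reviewing the report

# All registered/staged packages for every user profile, oldest first.
$pkgs = @(Get-AppxPackage -AllUsers -Name $Name | Sort-Object { [version]$_.Version })
if ($pkgs.Count -eq 0) { Write-Output "No $Name packages found."; return }

$newest = [version]$pkgs[-1].Version

# Report: which version, which users still hold it, and where it lives on disk.
$pkgs | ForEach-Object {
    [pscustomobject]@{
        PackageFullName = $_.PackageFullName
        Version         = $_.Version
        Outdated        = ([version]$_.Version -lt $newest)
        Users           = ($_.PackageUserInformation | ForEach-Object { "$_" }) -join '; '
        InstallLocation = $_.InstallLocation
    }
} | Format-List

# A provisioned (image-level) copy gets installed again for each new user profile.
$prov = @(Get-AppxProvisionedPackage -Online | Where-Object DisplayName -eq $Name)
$prov | Select-Object DisplayName, Version, PackageName | Format-List

if ($Remove) {
    foreach ($p in ($pkgs | Where-Object { [version]$_.Version -lt $newest })) {
        Write-Output "Removing $($p.PackageFullName) for all users"
        Remove-AppxPackage -Package $p.PackageFullName -AllUsers
    }
    foreach ($p in ($prov | Where-Object { [version]$_.Version -lt $newest })) {
        Write-Output "Removing provisioned $($p.PackageName)"
        Remove-AppxProvisionedPackage -Online -PackageName $p.PackageName | Out-Null
    }
    # Confirm the old folders are gone; the scanner keys on these paths.
    foreach ($p in ($pkgs | Where-Object { [version]$_.Version -lt $newest })) {
        if ($p.InstallLocation) {
            Write-Output ("{0} still on disk: {1}" -f $p.InstallLocation, (Test-Path -LiteralPath $p.InstallLocation))
        }
    }
}
```

If the old folder remains after removal, a reboot or the next servicing pass may be needed before the files are deleted; rerun the report and the vulnerability scan afterwards.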