I was wondering whether you need to have Microsoft Office installed to be vulnerable to CVE-2022-30190 RCE.
As far as I understand, MSDT is the issue here (the attack vector so to say) and as shown here https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msdt it appears to be part of Windows Server standard programs.
What about Windows 10/11?
msdt.exe is indeed independent of MS Office, it is part of every Windows 10/11 and Windows Server installations (regarding the servers I am not sure which versions are affected).
By default it can be found in C:\Windows\System32\msdt.exe (on 64bit systems there is also a 32bit variant in C:\Windows\SysWOW64\msdt.exe).
Therefore from my understanding Microsoft Office is just one way to trigger the msdt vulnerability (so it is one of multiple attack vectors). Other programs may also be used to trigger it.
