Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
Moreover, the code that exploits this vulnerability is now publicly available on the internet and hackers are abusing it in attacks.
The patch is part of the August 2022 Patch Tuesday update. The vulnerability is tracked under the code CVE-2022-34713 and is nicknamed DogWalk.
CVE-2022-34713 comes from a path traversal weakness in the Windows Support Diagnostic Tool (MSDT). Hackers can exploit this weakness to remotely execute code on compromised systems.
They can do that by adding manually created malicious executable files to Windows Startup when the victim opens a malicious .diagcab file (received via email or downloaded from the website).
The installed executables will then automatically execute the next time the victim opens the Windows machine. They will perform different tasks, such as downloading additional malicious payloads.
It's worth noting that DogWalk is not a new vulnerability. Security researcher Imre Rad made it public over 2 years ago, January 2020. The decision to make the DogWalk vulnerability public comes after Microsoft responded to Rad's report that it would not release a patch because it was not a security issue.
However, recently the vulnerability in Microsoft Support Diagnostics Tool was rediscovered by researcher j00sean and attracted public attention. Therefore, Microsoft was forced to release a patch.
According to Microsoft, this vulnerability affects all supported versions of Windows, including the latest versions of Windows 11 and Windows Server 2022.
To fix the DogWalk vulnerability, users need to install the August 2022 Patch Tuesday update that has just been released.
You should read it
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
- Internet Explorer crashed extremely dangerous, Microsoft released an emergency patch
- Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
- PrintNightMare vulnerability patch is flawed, attackers can still 'break through'
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
May be interested
- Instructions to record screen with VLC Media Playerinstructions for recording the screen with vlc media player, instructions on how to record the computer screen with vlc media player without installing any other software.
- Ways to fix VLC Media Player not playing videosways to fix vlc media player not playing videos, instructions for some quick ways to fix vlc media player errors that don't play videos on windows computers
- How to prevent others from changing your Windows desktop theme and iconsthere are different ways to change desktop icons and themes on windows. however, it is annoying when other users make these changes without notifying you.
- 6 Best Command Prompt Alternatives for Windowsdo you find the command prompt a bit complicated and feel you need a tool that is easier to use? this is where other terminal emulators come into play!
- Instructions to customize your PC screen with Rainmeterinstructions to customize your pc screen with rainmeter, how to customize your pc screen with rainmeter, bringing a fresh, beautiful and unique look to your computer
- Increase memory limit for 32-bit applications in 64-bit Windowsmost of us today can use microsoft's 64-bit operating system like windows 7 x64 or windows vista x64. allows the computer to use more than 3gb of ram.