Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
Exploit code for this vulnerability is now publicly available on the internet, and hackers are abusing it in attacks.
The patch is part of the August 2022 Patch Tuesday update. The vulnerability is tracked as CVE-2022-34713 and is nicknamed DogWalk.
CVE-2022-34713 stems from a path traversal weakness in the Microsoft Windows Support Diagnostic Tool (MSDT). Hackers can exploit this weakness to execute code remotely on compromised systems.
They can do that by planting specially crafted malicious executable files in the Windows Startup folder when the victim opens a malicious .diagcab file (received via email or downloaded from a website).
The planted executables then run automatically the next time the victim starts up the Windows machine. They can perform different tasks, such as downloading additional malicious payloads.
It's worth noting that DogWalk is not a new vulnerability. Security researcher Imre Rad made it public over 2 years ago, in January 2020. Rad decided to disclose DogWalk publicly after Microsoft responded to his report by saying that it would not release a patch because it was not a security issue.
Recently, however, the vulnerability in MSDT was rediscovered by researcher j00sean and attracted public attention. Therefore, Microsoft was forced to release a patch.
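The behaviour described above (a runnable file appearing in a Startup folder after a .diagcab is opened) can be hunted for in file-creation telemetry. The following is an added example, not code from Microsoft or the researchers: it assumes events shaped like Sysmon Event ID 11 (`Image`, `TargetFilename`), assumes the diagnostic tool runs as `msdt.exe`, and uses constructed sample events.

```python
import ntpath  # Windows path rules, so the check also runs on a non-Windows analysis host

# Standard per-user and all-users Startup folder suffixes, lower-cased.
STARTUP_MARKERS = (
    r"\appdata\roaming\microsoft\windows\start menu\programs\startup",
    r"\programdata\microsoft\windows\start menu\programs\startup",
)
# File types treated as runnable at logon (illustrative list, an assumption).
RUNNABLE_EXT = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".ps1", ".scr"}
# Assumption: the diagnostic tool's process image name is msdt.exe.
DIAG_IMAGES = {"msdt.exe"}

def classify(event):
    """Return 'high', 'medium' or None for one file-creation event."""
    # Normalise first so any '..' segments are resolved before matching.
    target = ntpath.normpath(event["TargetFilename"]).lower()
    folder, name = ntpath.split(target)
    if not folder.endswith(STARTUP_MARKERS):
        return None  # not written directly into a Startup folder
    if ntpath.splitext(name)[1] not in RUNNABLE_EXT:
        return None  # not a type that runs at logon
    writer = ntpath.basename(event["Image"]).lower()
    # A diagnostic tool has no normal reason to write persistence files.
    return "high" if writer in DIAG_IMAGES else "medium"

def triage(events):
    """Return (severity, target) pairs for every flagged event."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, ev["TargetFilename"]))
    return hits

# Constructed sample events (not real telemetry).
_STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
EVENTS = [
    {"Image": r"C:\Windows\System32\msdt.exe", "TargetFilename": _STARTUP + r"\update.exe"},
    {"Image": r"C:\Windows\explorer.exe", "TargetFilename": _STARTUP + r"\notes.lnk"},
    {"Image": r"C:\Windows\System32\msdt.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\diag\result.xml"},
    {"Image": r"C:\Windows\System32\msdt.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.exe"},
]

if __name__ == "__main__":
    for severity, target in triage(EVENTS):
        print(severity, target)
```

Medium hits (any process writing a runnable file to Startup) are worth baselining per environment, since installers and users legitimately create shortcuts there.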
According to Microsoft, this vulnerability affects all supported versions of Windows, including the latest versions of Windows 11 and Windows Server 2022.
To fix the DogWalk vulnerability, users need to install the August 2022 Patch Tuesday update that has just been released.