Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
Microsoft has just released security updates to fix a high-severity zero-day vulnerability in Windows.
Moreover, the code that exploits this vulnerability is now publicly available on the internet and hackers are abusing it in attacks.
The patch is part of the August 2022 Patch Tuesday update. The vulnerability is tracked under the code CVE-2022-34713 and is nicknamed DogWalk.
CVE-2022-34713 comes from a path traversal weakness in the Windows Support Diagnostic Tool (MSDT). Hackers can exploit this weakness to remotely execute code on compromised systems.
They can do that by adding manually created malicious executable files to Windows Startup when the victim opens a malicious .diagcab file (received via email or downloaded from the website).
The installed executables will then automatically execute the next time the victim opens the Windows machine. They will perform different tasks, such as downloading additional malicious payloads.
It's worth noting that DogWalk is not a new vulnerability. Security researcher Imre Rad made it public over 2 years ago, January 2020. The decision to make the DogWalk vulnerability public comes after Microsoft responded to Rad's report that it would not release a patch because it was not a security issue.
However, recently the vulnerability in Microsoft Support Diagnostics Tool was rediscovered by researcher j00sean and attracted public attention. Therefore, Microsoft was forced to release a patch.
According to Microsoft, this vulnerability affects all supported versions of Windows, including the latest versions of Windows 11 and Windows Server 2022.
To fix the DogWalk vulnerability, users need to install the August 2022 Patch Tuesday update that has just been released.
You should read it
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
- Firefox releases urgent update to patch zero-day vulnerability being exploited by hackers
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
- Internet Explorer crashed extremely dangerous, Microsoft released an emergency patch
- Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
- PrintNightMare vulnerability patch is flawed, attackers can still 'break through'
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- VMware patches RCE Spring4Shell vulnerability on a wide range of products
Maybe you are interested
This hidden score shows how well a computer runs Windows Windows 11 22H2: Update Moment 1 with many notable features This is the easiest way to reinstall Windows 11 and fix the problem! 5 ways to turn off Windows 11 Update, stop updating Windows 11 Speed up Internet connection on Windows 11 computer How to check if your Windows computer supports Miracast