Microsoft has finally patched DogWalk to keep Windows secure.
Microsoft claims DogWalk, a Windows security issue found in January 2020, has been fixed.
Office 365 parent company said that the remote code execution error, which exists owing to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT) patched as part of the August 2022 Patch.
This flaw is identified as CVE-2022-34713, and if exploited, it allows attackers to run any malware on a given endpoint. It was identified more than two years ago by a researcher named Imre Rad, however, Microsoft at the time claimed that it was not a security vulnerability and hence would not be repaired. Now the flaw has been brought back to light by a separate researcher known as j00sean.
Abusing DogWalk on Windows 11
To exploit DogWalk, the attacker must include malware in the Windows Startup folder. As a result, it is downloaded and executed when the system is rebooted. It may be utilized in low-complexity attacks. However, in order for the malware to work the victim must interact with the system, they have to download the malware or run it themselves.
Microsoft explained that in an email attack scenario the attacker exploits the vulnerability by delivering the specially created file to the user and convincing them to open it. In a web-based attack, the attacker hosts a website containing a specially constructed malware file tailored to exploit the vulnerability. In some cases, they also use a compromised website that accepts or hosts user-provided material.
Microsoft verified that DogWalk may be exploited on all supported versions of Windows, including the most recent versions, Windows 11 and Windows Server 2022.
CVE-2022-30134, a zero-day vulnerability affecting Microsoft Exchange Information Disclosure that allows threat actors to view targeted email messages. In all, 112 problems were corrected, 17 of which were rated crucial.
Since covid 19 pandemic, we have seen cybercrimes on the rise, more and more vulnerabilities are discovered, and more and more malwares are being created. Businesses are struggling with defending themselves from cyberattacks. Tech giants like Microsoft and Google are working on defending and protecting their user security.