Microsoft has patched the “DogWalk” zero-day attack, which had been exploited in the past.
This long-standing “DogWalk” zero-day Windows vulnerability has been patched, as confirmed by Microsoft after multiple attacks in the wild.
Microsoft’s “DogWalk” Vulnerability in Windows Has Been Fixed –
After the high-severity “DogWalk” vulnerability was discovered in Windows computers, Microsoft released a patch in August 2022 to address the issue. The team also fixed 140 other issues.
DogWalk, or CVE-2022-34713, is a vulnerability in Microsoft’s Windows Support Diagnostic Tool (MSDT). In the zero-day attacks that have been happening, the MSDT has been abused in order to execute code remotely on a vulnerable system.
This is carried out by sending a malicious diagnostic tool (.diagcab) file to the victim utilizing the vulnerable system. To trigger the exploit, the victim must open this file from a malicious site (a beginner’s guide to rogue websites) or email. Because the user’s action is required, the attacker must typically resort to social engineering to trick them into opening the file.
After the file is opened, the malicious code is run automatically whenever the victim restarts their Windows computer.
DogWalk has been used extensively in the real world –
In spite of the fact that DogWalk was first uncovered in 2019, Microsoft did not treat it as a vulnerability until much later. Even though DogWalk was officially recognized as a security hole in January 2020, Microsoft continued to downplay the severity of the problem.
After much speculation, the business finally admitted that DogWalk had been used in the wild in August of 2022. After this news broke, however, Microsoft quickly announced that the DogWalk flaw had been patched away in the August 2022 update.
Another Zero-Day Vulnerability Preceded the DogWalk Flaw –
Microsoft was forced to admit that another MSDT zero-day vulnerability, called as Follina (or CVE-2022-30190), was being exploited in the wild, alongside the high-severity DogWalk flaw. Similarly, Microsoft initially did not view Follina as a security concern; but, in May 2022, the Microsoft Security Response Center issued a security advisory alerting users to the danger posed by Follina.
Malicious actors keep trying to exploit zero-day vulnerabilities –
As more and more zero-day vulnerabilities in widely used operating systems are discovered, consumers everywhere remain vulnerable to exploitation in the wild. To protect themselves from the current wave of zero-day attacks, Microsoft has strongly recommended that users install the DogWalk patch.
