Microsoft urges Windows users to run patch for DogWalk zero-day exploit

Magdalena Petrova

Microsoft has confirmed that a high-severity, zero-day safety vulnerability is actively being exploited by risk actors and is advising all Home windows and Home windows Server customers to use its newest month-to-month Patch Tuesday replace as quickly as doable.

The vulnerability, generally known as CVE-2022-34713 or DogWalk, permits attackers to use a weak spot within the Home windows Microsoft Help Diagnostic Instrument (MSDT). By utilizing social engineering or phishing, attackers can trick customers into visiting a pretend web site or opening a malicious doc or file and finally acquire distant code execution on compromised methods.

DogWalk impacts all Home windows variations below assist, together with the newest consumer and server releases, Home windows 11 and Home windows Server 2022.

The vulnerability was first reported in January 2020 however on the time, Microsoft stated it didn’t take into account the exploit to be a safety difficulty. That is the second time in current months that Microsoft has been pressured to vary its place on a recognized exploit, having initially rejected studies that one other Home windows MSDT zero-day, generally known as Follina, posed a safety risk. A patch for that exploit was launched in June’s Patch Tuesday replace.

Charl van der Walt, head of safety analysis at Orange Cyberdefense, stated that though Microsoft may maybe be criticised for failing to contemplate how ceaselessly and simply information with apparently harmless extensions are used to ship malicious payloads, additionally famous that with a number of thousand vulnerabilities reported every year, it’s to be anticipated that Microsoft’s risk-based triage strategy to assessing vulnerabilities received’t be infallible.

“If every little thing is pressing, then nothing is pressing,” he stated. “The safety neighborhood has lengthy stopped believing vulnerabilities and threats will probably be eradicated any time quickly, so the problem now turns into the event of a sort of agility that may understand adjustments within the risk panorama and adapt accordingly.”