Microsoft solves the DogWalk bug with the latest patch in August

Yesterday, Microsoft released a new cumulative patch for August that fixes the vulnerability known as "DogWalk" and numerous other bugs (for a total of 121). In case you don't know it, the "DogWalk" security flaw would allow an attacker to copy an executable file to the Windows autorun folder, provided that a specially created .diagcab file is opened on the target machine and sent via e- mail or downloaded on the network. This executable file, therefore, would be opened at the next Windows restart.

The vulnerability known as "DogWalk" is also referred to as "CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability ”and was discovered by researcher Imre Rad in January 2020. Initially, Microsoft took the matter rather lightly, not considering it a major vulnerability. However, after the discovery of the Microsoft Office MSDT bug, some researchers lobbied for DogWalk to be fixed.



Photo Credit: Unsplash.com
64 Elevation of Privilege Vulnerabilities 6 Security Feature Bypass Vulnerabilities 31 Remote Code Execution Vulnerabilities 12 Information Disclosure Vulnerabilities 7 Denial of Service Vulnerabilities 1 Spoofing Vulnerability In addition to “DogWalk”, a other zero-day vulnerability fixed with the latest patch is classified as "CVE-2022-30134 - Microsoft Exchange Information Disclosure Vulnerability", which allows an attacker to read emails.

Recently , we also told you about a very advanced malware that has been around for a year already, called Woody RAT, which implements various features for circumventing network monitoring, for example by exploiting data encryption for HTTP requests to the C2 server. For more information about it, we advise you to read our previous dedicated article.