According to Microsoft, the remote code execution vulnerability, which was caused by a path traversal issue in the Windows Support Diagnostic Tool (MSDT), will be fixed as part of the August 2022 Patch Tuesday.
The company has announced that Dog Walk, a security hole in Windows that was initially identified in January 2020, has now been fixed.
The vulnerability, identified as CVE-2022-34713, can allow attackers to execute any code on a target endpoint if it is exploited. Imre Rad, a researcher, made the first discovery more than two years ago, but Microsoft maintained at the time that it wasn’t actually a security risk and wouldn’t be corrected. Today, the problem has once again come to light thanks to a fresh researcher by the name of j00sean.
DogWalk on Windows 11 abuse
The attacker must include a malicious programme in the Windows Startup in order to exploit DogWalk. In this technique, malware is downloaded and run once the system restarts. Low-complexity assaults can leverage it, but there is a catch: the victim must engage with the system (they need to download the malware or run it themselves).
In an email attack scenario, an attacker may take advantage of the flaw by emailing the victim a specially created file and persuading them to open it, according to Microsoft. An attacker could host a website (or use a compromised website that accepts or hosts user-provided content) that contains a specially crafted file tailored to exploit the vulnerability in a web-based attack scenario.
Microsoft verified that DogWalk can be exploited on every supported version of Windows, including the newest iterations, Windows 11 and Windows Server 2022.
In addition, CVE-2022-30134, a zero-day flaw impacting Microsoft Exchange Information Disclosure that enables threat actors to access specific email messages, is fixed in this month’s Patch Tuesday. 112 faults in all were fixed, including 17 that were considered significant.
