  • "DogWalk", another Microsoft-ignored MSDT vulnerability like Follina gets unofficial patch

    aum

    • 496 views
    • 2 minutes

    Recently, a Microsoft Support Diagnostic Tool (MSDT) zero-day vulnerability dubbed "Follina" surfaced when security researchers found it and media coverage spread the word. Microsoft apparently dismissed it initially as a non-security issue (via @CrazymanArmy on Twitter), but later acknowledged the remote code execution (RCE) vulnerability and assigned it the tracking ID CVE-2022-30190. Microsoft provided no official patch, only steps to disable MSDT, but the 0patch team released a micropatch that you can download from the link in its official blog post here.

    Following Follina, another zero-day threat, first reported two years ago, has come to the surface. Like Follina, this one too has apparently been ignored by Microsoft, since the company deemed it as not meeting "requirement immediate service".

    This vulnerability, which doesn't have a tracking ID or CVE yet, has been named "DogWalk". It has been found to be a path traversal vulnerability that lands a payload in the Windows Startup folder location:

    C:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


    This means the malware is executed the next time the user logs into their system. The downloaded diagcab file has a Mark of the Web (MOTW), but MSDT ignores the warning and runs it anyway, leaving users vulnerable to this potential exploit.
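
A containment check of the kind that stops this class of path traversal, as an added example (not code from the article, Microsoft or 0patch): it resolves each file name a package asks to write against the intended extraction directory using Windows path rules, and flags names that escape it, calling out those that resolve into a Startup folder. The extraction directory, user name and entry names are constructed sample values.

```python
import ntpath

# Startup folder location as given in the article (relative part, lower-cased)
STARTUP = r"appdata\roaming\microsoft\windows\start menu\programs\startup"

def resolve_target(extract_dir, entry_name):
    """Path an entry would be written to, using Windows path rules."""
    # ntpath.join drops extract_dir when entry_name is absolute or has a drive;
    # normpath collapses "..", "." and converts "/" to "\".
    return ntpath.normpath(ntpath.join(extract_dir, entry_name))

def classify(extract_dir, entry_name):
    """Return 'ok', 'escapes' or 'escapes-to-startup' for one entry name."""
    base = ntpath.normcase(ntpath.normpath(extract_dir))
    target = ntpath.normcase(resolve_target(extract_dir, entry_name))
    # Compare with a trailing separator so "unpack2" is not taken for "unpack"
    if target == base or target.startswith(base + "\\"):
        return "ok"
    if "\\" + STARTUP + "\\" in target:
        return "escapes-to-startup"
    return "escapes"

def audit(extract_dir, entry_names):
    """Map every entry name that must not be written to its verdict."""
    verdicts = {n: classify(extract_dir, n) for n in entry_names}
    return {n: v for n, v in verdicts.items() if v != "ok"}

# Constructed sample values (hypothetical user, directory and file names)
EXTRACT_DIR = r"C:\Users\alice\AppData\Local\Temp\unpack"
SAMPLE_ENTRIES = [
    "package.xml",
    r"sub\..\helper.ps1",
    r"..\unpack2\helper.ps1",
    r"..\..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    "C:/Windows/Temp/x.exe",
]

if __name__ == "__main__":
    for name, verdict in audit(EXTRACT_DIR, SAMPLE_ENTRIES).items():
        print(f"{verdict:20} {name}")
```

The check compares the fully normalized target rather than searching the name for `..`, so absolute paths and sibling-directory prefixes are caught as well.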

     

    The micropatch by 0patch is simple, just 11 instructions long, and basically blocks this MSDT file from running. As with Follina, it is available for the following Windows versions:

    • Windows 11 21H2
    • Windows 10 21H2
    • Windows 10 21H1
    • Windows 10 20H2
    • Windows 10 2004
    • Windows 10 1909
    • Windows 10 1903
    • Windows 10 1809
    • Windows 10 1803
    • Windows 7
    • Windows Server 2008 R2
    • Windows Server 2012
    • Windows Server 2012 R2
    • Windows Server 2016
    • Windows Server 2019
    • Windows Server 2022

     

    To download the micropatch, head over to the official 0patch blog post linked here. You can also find more technical details in the article.

    Source

